From: Peter Maydell
Subject: [Qemu-commits] [qemu/qemu] bca579: crypto: remove conditional around 3DES crypto test...
Date: Thu, 15 Jul 2021 11:11:41 -0700

  Branch: refs/heads/staging
  Home:   https://github.com/qemu/qemu
  Commit: bca579e61954f6dcdd11d88c9b9c59f22a3e695d
      
https://github.com/qemu/qemu/commit/bca579e61954f6dcdd11d88c9b9c59f22a3e695d
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   2021-07-14 (Wed, 14 Jul 2021)

  Changed paths:
    M tests/unit/test-crypto-cipher.c

  Log Message:
  -----------
  crypto: remove conditional around 3DES crypto test cases

The main method checks whether the cipher choice is supported
at runtime, so there is no need for compile time conditions.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>


  Commit: 1685983133fe855553b337cb5d34d430e0aceca1
      
https://github.com/qemu/qemu/commit/1685983133fe855553b337cb5d34d430e0aceca1
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   2021-07-14 (Wed, 14 Jul 2021)

  Changed paths:
    M tests/unit/test-crypto-pbkdf.c

  Log Message:
  -----------
  crypto: remove obsolete crypto test condition

Since we now require gcrypt >= 1.8.0, there is no need
to exclude the pbkdf test case.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>


  Commit: 295736cfc82ae9019cd647ef012a71f4e277e864
      
https://github.com/qemu/qemu/commit/295736cfc82ae9019cd647ef012a71f4e277e864
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   2021-07-14 (Wed, 14 Jul 2021)

  Changed paths:
    M tests/unit/test-crypto-ivgen.c

  Log Message:
  -----------
  crypto: skip essiv ivgen tests if AES+ECB isn't available

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>


  Commit: 7ea450b0f02f83637794af4991f0b684608d6a25
      
https://github.com/qemu/qemu/commit/7ea450b0f02f83637794af4991f0b684608d6a25
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   2021-07-14 (Wed, 14 Jul 2021)

  Changed paths:
    M tests/unit/test-crypto-hash.c
    M tests/unit/test-crypto-hmac.c

  Log Message:
  -----------
  crypto: use &error_fatal in crypto tests

Using error_fatal provides better diagnostics when tests
failed, than using asserts, because we see the text of
the error message.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>


  Commit: 1741093b0a782541b7508ca5ff26836f179e864b
      
https://github.com/qemu/qemu/commit/1741093b0a782541b7508ca5ff26836f179e864b
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   2021-07-14 (Wed, 14 Jul 2021)

  Changed paths:
    M meson.build

  Log Message:
  -----------
  crypto: fix gcrypt min version 1.8 regression

The min gcrypt was bumped:

  commit b33a84632a3759c00320fd80923aa963c11207fc
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   Fri May 14 13:04:08 2021 +0100

    crypto: bump min gcrypt to 1.8.0, dropping RHEL-7 support

but this was accidentally lost in conflict resolution for

  commit 5761251138cb69c310e9df7dfc82c4c6fd2444e4
  Author: Paolo Bonzini <pbonzini@redhat.com>
  Date:   Thu Jun 3 11:15:26 2021 +0200

    configure, meson: convert crypto detection to meson

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>


  Commit: ea7a6802c75acdc199e434dfd9d4093dbdb18863
      
https://github.com/qemu/qemu/commit/ea7a6802c75acdc199e434dfd9d4093dbdb18863
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   2021-07-14 (Wed, 14 Jul 2021)

  Changed paths:
    M crypto/init.c

  Log Message:
  -----------
  crypto: drop gcrypt thread initialization code

This is only required on gcrypt < 1.6.0, and is thus obsolete
since

  commit b33a84632a3759c00320fd80923aa963c11207fc
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   Fri May 14 13:04:08 2021 +0100

    crypto: bump min gcrypt to 1.8.0, dropping RHEL-7 support

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>


  Commit: 7b40aa4b968a5674a75bbf7e25b88927fcb9ae01
      
https://github.com/qemu/qemu/commit/7b40aa4b968a5674a75bbf7e25b88927fcb9ae01
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   2021-07-14 (Wed, 14 Jul 2021)

  Changed paths:
    M crypto/cipher-gcrypt.c.inc
    M meson.build

  Log Message:
  -----------
  crypto: drop custom XTS support in gcrypt driver

The XTS cipher mode was introduced in gcrypt 1.8.0, which
matches QEMU's current minimum version.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>


  Commit: f8157e100c0ed7c0b6ca98ce20c969e1f6dcb968
      
https://github.com/qemu/qemu/commit/f8157e100c0ed7c0b6ca98ce20c969e1f6dcb968
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   2021-07-14 (Wed, 14 Jul 2021)

  Changed paths:
    M tests/unit/test-crypto-cipher.c

  Log Message:
  -----------
  crypto: add crypto tests for single block DES-ECB and DES-CBC

The GNUTLS crypto provider doesn't support DES-ECB, only DES-CBC.
We can use the latter to simulate the former, if we encrypt only
1 block (8 bytes) of data at a time, using an all-zeros IV. This
is a very inefficient way to use the QCryptoCipher APIs, but
since the VNC authentication challenge is only 16 bytes, this
is acceptable. No other part of QEMU should be using DES. This
test case demonstrates the equivalence of ECB and CBC for the
single-block case.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>


  Commit: 21407ddf967f9b6f9ea22ab3a1644f6b29d53255
      
https://github.com/qemu/qemu/commit/21407ddf967f9b6f9ea22ab3a1644f6b29d53255
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   2021-07-14 (Wed, 14 Jul 2021)

  Changed paths:
    M crypto/cipher-builtin.c.inc
    R crypto/desrfb.c
    M crypto/meson.build

  Log Message:
  -----------
  crypto: delete built-in DES implementation

The built-in DES implementation is used for the VNC server password
authentication scheme. When building system emulators it is reasonable
to expect that an external crypto library is being used. It is thus
not worth keeping a home grown DES implementation in tree.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>


  Commit: 6801404429d51b260e08c6ad54dbf3ac430016db
      
https://github.com/qemu/qemu/commit/6801404429d51b260e08c6ad54dbf3ac430016db
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   2021-07-14 (Wed, 14 Jul 2021)

  Changed paths:
    M crypto/cipher-builtin.c.inc
    M crypto/meson.build
    M meson.build

  Log Message:
  -----------
  crypto: delete built-in XTS cipher mode support

The built-in AES+XTS implementation is used for the LUKS encryption.
When building system emulators it is reasonable to expect that an
external crypto library is being used instead. The performance of the
builtin XTS implementation is terrible as it has no CPU acceleration
support. It is thus not worth keeping a home grown XTS implementation
for the built-in cipher backend.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>


  Commit: 83bee4b51fad383c1ee9b9f58fefb90fddae1c00
      
https://github.com/qemu/qemu/commit/83bee4b51fad383c1ee9b9f58fefb90fddae1c00
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   2021-07-14 (Wed, 14 Jul 2021)

  Changed paths:
    M crypto/cipher-gcrypt.c.inc
    M crypto/cipher-nettle.c.inc
    M crypto/cipher.c
    M qapi/crypto.json
    M tests/unit/test-crypto-cipher.c
    M ui/vnc.c

  Log Message:
  -----------
  crypto: replace 'des-rfb' cipher with 'des'

Currently the crypto layer exposes support for a 'des-rfb'
algorithm which is just normal single-DES, with the bits
in each key byte reversed. This special key munging is
required by the RFB protocol password authentication
mechanism.

Since the crypto layer is generic shared code, it makes
more sense to do the key byte munging in the VNC server
code, and expose normal single-DES support.

Replacing cipher 'des-rfb' by 'des' looks like an incompatible
interface change, but it doesn't matter.  While the QMP schema
allows any QCryptoCipherAlgorithm for the 'cipher-alg' field
in QCryptoBlockCreateOptionsLUKS, the code restricts what can
be used at runtime. Thus the only effect is a change in error
message.

Original behaviour:

 $ qemu-img create -f luks --object secret,id=sec0,data=123 -o cipher-alg=des-rfb,key-secret=sec0 demo.luks 1G
 Formatting 'demo.luks', fmt=luks size=1073741824 key-secret=sec0 cipher-alg=des-rfb
 qemu-img: demo.luks: Algorithm 'des-rfb' not supported

New behaviour:

 $ qemu-img create -f luks --object secret,id=sec0,data=123 -o cipher-alg=des-rfb,key-secret=sec0 demo.luks 1G
 Formatting 'demo.luks', fmt=luks size=1073741824 key-secret=sec0 cipher-alg=des-fish
 qemu-img: demo.luks: Invalid parameter 'des-rfb'

Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
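
The single-block ECB/CBC equivalence described in "add crypto tests for single block DES-ECB and DES-CBC" and the RFB key bit reversal described in the commit above, as an added example that is not QEMU code. `toy_encrypt_block` is a stand-in permutation, not DES (an assumption made to keep the block self-contained; the mode identity does not depend on the cipher), and the password and challenge bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLK 8 /* DES block and key size in bytes */
static const uint8_t zero_iv[BLK] = {0};

/* RFB password auth: each DES key byte is a password byte with bits mirrored. */
static uint8_t rev8(uint8_t b) {
    b = (uint8_t)(((b & 0xF0) >> 4) | ((b & 0x0F) << 4));
    b = (uint8_t)(((b & 0xCC) >> 2) | ((b & 0x33) << 2));
    return (uint8_t)(((b & 0xAA) >> 1) | ((b & 0x55) << 1));
}

/* Key munging kept on the VNC side, so the cipher layer sees a plain key. */
static void rfb_munge_key(const uint8_t pw[BLK], uint8_t key[BLK]) {
    for (size_t i = 0; i < BLK; i++)
        key[i] = rev8(pw[i]);
}

/* STAND-IN for DES (assumption): toy 8-round Feistel permutation on 8 bytes.
 * Not DES and not secure; the mode identity holds for any block cipher. */
static void toy_encrypt_block(const uint8_t key[BLK], const uint8_t in[BLK],
                              uint8_t out[BLK]) {
    uint32_t v[2], k[2];
    memcpy(v, in, BLK);
    memcpy(k, key, BLK);
    for (uint32_t i = 0; i < 8; i++) {
        uint32_t f = (v[1] ^ (k[i & 1] + i)) * 0x9E3779B1u;
        uint32_t t = v[0] ^ f ^ (f >> 15);
        v[0] = v[1];
        v[1] = t;
    }
    memcpy(out, v, BLK);
}

/* Standard CBC: block n is XORed with ciphertext n-1 (the IV for n = 0). */
static void cbc_encrypt(const uint8_t key[BLK], const uint8_t iv[BLK],
                        const uint8_t *in, uint8_t *out, size_t len) {
    uint8_t x[BLK];
    for (size_t off = 0; off < len; off += BLK) {
        for (size_t i = 0; i < BLK; i++)
            x[i] = in[off + i] ^ (off ? out[off - BLK + i] : iv[i]);
        toy_encrypt_block(key, x, out + off);
    }
}

/* Returns 1 if per-block zero-IV CBC matches ECB; flags if chained CBC differs. */
int check_vnc_challenge(int *chained_differs) {
    const uint8_t pw[BLK] = {'p', 'a', 's', 's', 'w', '0', 'r', 'd'}; /* constructed */
    uint8_t chal[16], key[BLK], ecb[16], per_block[16], chained[16];
    for (size_t i = 0; i < 16; i++)
        chal[i] = (uint8_t)(0xA0 + i); /* constructed 16-byte challenge */
    rfb_munge_key(pw, key);
    for (size_t off = 0; off < 16; off += BLK) {
        toy_encrypt_block(key, chal + off, ecb + off); /* ECB reference */
        cbc_encrypt(key, zero_iv, chal + off, per_block + off, BLK); /* 1 block per call */
    }
    cbc_encrypt(key, zero_iv, chal, chained, sizeof(chained)); /* one chained call */
    *chained_differs = memcmp(ecb, chained, 16) != 0;
    return memcmp(ecb, per_block, 16) == 0;
}

int main(void) {
    int differs, same = check_vnc_challenge(&differs);
    printf("per-block CBC == ECB: %d, chained CBC != ECB: %d\n", same, differs);
    return !(same && differs);
}
```

The chained call diverges from ECB in the second block because that block is XORed with the first ciphertext block, which is why the IV has to be reset to zero for every 8-byte block.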


  Commit: 260a13d4726ce62bdc0ed3a7a13c34de3367f5e2
      
https://github.com/qemu/qemu/commit/260a13d4726ce62bdc0ed3a7a13c34de3367f5e2
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   2021-07-14 (Wed, 14 Jul 2021)

  Changed paths:
    M meson.build

  Log Message:
  -----------
  crypto: flip priority of backends to prefer gcrypt

Originally we preferred to use nettle over gcrypt because
gnutls already links to nettle and thus it minimizes the
dependencies. In retrospect this was the wrong criteria to
optimize for.

Currently shipping versions of gcrypt have cipher impls that
are massively faster than those in nettle and this is way
more important.  The nettle library is also not capable of
enforcing FIPS compliance, since it considers that out of
scope. It merely aims to provide general purpose impls of
algorithms, and usage policy is left up to the layer above,
such as GNUTLS.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>


  Commit: cc4c7c738297958b3d1d16269f57d71d22f5a9ff
      
https://github.com/qemu/qemu/commit/cc4c7c738297958b3d1d16269f57d71d22f5a9ff
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   2021-07-14 (Wed, 14 Jul 2021)

  Changed paths:
    M crypto/meson.build
    M meson.build

  Log Message:
  -----------
  crypto: introduce build system for gnutls crypto backend

This introduces the build logic needed to decide whether we can
use gnutls as a crypto driver backend. The actual implementations
will be introduced in following patches. We only wish to use
gnutls if it has version 3.6.14 or newer, because that is what
finally brings HW accelerated AES-XTS mode for x86_64.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>


  Commit: 3d2b61ffcd4a5a8f5bfcdb2be5eac1a37f5caaa1
      
https://github.com/qemu/qemu/commit/3d2b61ffcd4a5a8f5bfcdb2be5eac1a37f5caaa1
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   2021-07-14 (Wed, 14 Jul 2021)

  Changed paths:
    A crypto/cipher-gnutls.c.inc
    M crypto/cipher.c

  Log Message:
  -----------
  crypto: add gnutls cipher provider

Add an implementation of the QEMU cipher APIs to the gnutls
crypto backend. XTS support is only available for gnutls
version >= 3.6.8. Since ECB mode is not exposed by gnutls
APIs, we can't use the private XTS code for compatibility.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>


  Commit: 9a85ca050aa4e7624615e9ae95cf54d5640c6804
      
https://github.com/qemu/qemu/commit/9a85ca050aa4e7624615e9ae95cf54d5640c6804
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   2021-07-14 (Wed, 14 Jul 2021)

  Changed paths:
    A crypto/hash-gnutls.c
    M crypto/meson.build

  Log Message:
  -----------
  crypto: add gnutls hash provider

This adds support for using gnutls as a provider of the crypto
hash APIs.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>


  Commit: 678307b605da9ebbda3a6269b5a6ab2d3002e241
      
https://github.com/qemu/qemu/commit/678307b605da9ebbda3a6269b5a6ab2d3002e241
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   2021-07-14 (Wed, 14 Jul 2021)

  Changed paths:
    A crypto/hmac-gnutls.c

  Log Message:
  -----------
  crypto: add gnutls hmac provider

This adds support for using gnutls as a provider of the crypto
hmac APIs.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>


  Commit: 8c1d3dc772352284e7f8757131f2ed3f483dd922
      
https://github.com/qemu/qemu/commit/8c1d3dc772352284e7f8757131f2ed3f483dd922
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   2021-07-14 (Wed, 14 Jul 2021)

  Changed paths:
    M crypto/meson.build
    A crypto/pbkdf-gnutls.c

  Log Message:
  -----------
  crypto: add gnutls pbkdf provider

This adds support for using gnutls as a provider of the crypto
pbkdf APIs.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>


  Commit: 8bd0931f63008b1d50c8df75a611323a93c052bf
      
https://github.com/qemu/qemu/commit/8bd0931f63008b1d50c8df75a611323a93c052bf
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   2021-07-14 (Wed, 14 Jul 2021)

  Changed paths:
    M meson.build

  Log Message:
  -----------
  crypto: prefer gnutls as the crypto backend if new enough

If we have gnutls >= 3.6.13, then it has enough functionality
and performance that we can use it as the preferred crypto
backend.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>


  Commit: 96916f36c4c86bd5f017cc58abca90b79693c878
      
https://github.com/qemu/qemu/commit/96916f36c4c86bd5f017cc58abca90b79693c878
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   2021-07-14 (Wed, 14 Jul 2021)

  Changed paths:
    M hw/net/rocker/rocker.h

  Log Message:
  -----------
  net/rocker: use GDateTime for formatting timestamp in debug messages

The GDateTime APIs provided by GLib avoid portability pitfalls, such
as some platforms where 'struct timeval.tv_sec' field is still 'long'
instead of 'time_t'. When combined with automatic cleanup, GDateTime
often results in simpler code too.

Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>


  Commit: cfb47f2178c2c9c81870aab0bc0c93e5758cff86
      
https://github.com/qemu/qemu/commit/cfb47f2178c2c9c81870aab0bc0c93e5758cff86
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   2021-07-14 (Wed, 14 Jul 2021)

  Changed paths:
    M io/channel-websock.c

  Log Message:
  -----------
  io: use GDateTime for formatting timestamp for websock headers

The GDateTime APIs provided by GLib avoid portability pitfalls, such
as some platforms where 'struct timeval.tv_sec' field is still 'long'
instead of 'time_t'. When combined with automatic cleanup, GDateTime
often results in simpler code too.

Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>


  Commit: 2ce949a4c187b2a6aa68ab03216ee271b408fa63
      
https://github.com/qemu/qemu/commit/2ce949a4c187b2a6aa68ab03216ee271b408fa63
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   2021-07-14 (Wed, 14 Jul 2021)

  Changed paths:
    M softmmu/qemu-seccomp.c

  Log Message:
  -----------
  seccomp: don't block getters for resource control syscalls

Recent GLibC calls sched_getaffinity in code paths related to malloc and
when QEMU blocks access, it sends it off into a bad codepath resulting
in stack exhaustion[1]. The GLibC bug is being fixed[2], but none the
less, GLibC has valid reasons to want to use sched_getaffinity.

It is not unreasonable for code to want to run many resource syscalls
for information gathering, so it is a bit too harsh for QEMU to block
them.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1975693
[2] https://sourceware.org/pipermail/libc-alpha/2021-June/128271.html
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Acked-by: Eduardo Otubo <otubo@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>


  Commit: 927fae0eb9af2bcde2cd2030d478d365f2edf7e9
      
https://github.com/qemu/qemu/commit/927fae0eb9af2bcde2cd2030d478d365f2edf7e9
  Author: Hyman <huangy81@chinatelecom.cn>
  Date:   2021-07-14 (Wed, 14 Jul 2021)

  Changed paths:
    M tests/migration/guestperf/engine.py

  Log Message:
  -----------
  tests/migration: fix unix socket migration

The test aborts and the following error message is thrown:
"No such file or directory: '/var/tmp/qemu-migrate-{pid}.migrate",
when the unix socket migration test is nearly done. The reason is
qemu removes the unix socket file after migration before the
guestperf.py script does it. So pre-check if the socket file exists
when removing it to prevent the guestperf program from aborting.

See also commit f9cc00346d3 ("tests/migration: fix unix socket batch
migration").

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Signed-off-by: Hyman <huangy81@chinatelecom.cn>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>


  Commit: 2edb76ea57a0cdf80076c8cf77e2acd60ce8c7f8
      
https://github.com/qemu/qemu/commit/2edb76ea57a0cdf80076c8cf77e2acd60ce8c7f8
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   2021-07-14 (Wed, 14 Jul 2021)

  Changed paths:
    M docs/system/cpu-models-x86.rst.inc

  Log Message:
  -----------
  docs: fix typo s/Intel/AMD/ in CPU model notes

Reviewed-by: Pankaj Gupta <pankaj.gupta@ionos.com>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Yanan Wang <wangyanan55@huawei.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>


  Commit: ce8ee7c6264f18392f19113fd0a27326151b9d5b
      
https://github.com/qemu/qemu/commit/ce8ee7c6264f18392f19113fd0a27326151b9d5b
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   2021-07-14 (Wed, 14 Jul 2021)

  Changed paths:
    M qemu-options.hx

  Log Message:
  -----------
  qemu-options: re-arrange CPU topology options

The list of CPU topology options are presented in a fairly arbitrary
order currently. Re-arrange them so that they're ordered from largest to
smallest unit.

Reviewed-by: Pankaj Gupta <pankaj.gupta@ionos.com>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Yanan Wang <wangyanan55@huawei.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>


  Commit: b9361bdc1fb0968b13760cbf33afdd1dc602b9e7
      
https://github.com/qemu/qemu/commit/b9361bdc1fb0968b13760cbf33afdd1dc602b9e7
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   2021-07-14 (Wed, 14 Jul 2021)

  Changed paths:
    M qemu-options.hx

  Log Message:
  -----------
  qemu-options: tweak to show that CPU count is optional

The initial CPU count number is not required, if any of the topology
options are given, since it can be computed.

Reviewed-by: Pankaj Gupta <pankaj.gupta@ionos.com>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Yanan Wang <wangyanan55@huawei.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>


  Commit: 80d78357495837f1f0e53fbb6bca5fb793631d94
      
https://github.com/qemu/qemu/commit/80d78357495837f1f0e53fbb6bca5fb793631d94
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   2021-07-14 (Wed, 14 Jul 2021)

  Changed paths:
    M qemu-options.hx

  Log Message:
  -----------
  qemu-options: rewrite help for -smp options

The -smp option help is peculiarly specific about mentioning the CPU
upper limits, but these are wrong. The "PC" target has varying max
CPU counts depending on the machine type picked. Notes about guest
OS limits are inappropriate for QEMU docs. There are way too many
machine types for it to be practical to mention actual limits, and
some limits are even modified by downstream distributions. Thus it
is better to remove the specific limits entirely.

The CPU topology reporting is also not necessarily specific to the
PC platform and descriptions around the rules of usage are somewhat
terse. Expand this information with some examples to show effects
of defaulting.

Reviewed-by: Pankaj Gupta <pankaj.gupta@ionos.com>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>


  Commit: d4127349e316b5c78645f95dba5922196ac4cc23
      
https://github.com/qemu/qemu/commit/d4127349e316b5c78645f95dba5922196ac4cc23
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2021-07-15 (Thu, 15 Jul 2021)

  Changed paths:
    M crypto/cipher-builtin.c.inc
    M crypto/cipher-gcrypt.c.inc
    A crypto/cipher-gnutls.c.inc
    M crypto/cipher-nettle.c.inc
    M crypto/cipher.c
    R crypto/desrfb.c
    A crypto/hash-gnutls.c
    A crypto/hmac-gnutls.c
    M crypto/init.c
    M crypto/meson.build
    A crypto/pbkdf-gnutls.c
    M docs/system/cpu-models-x86.rst.inc
    M hw/net/rocker/rocker.h
    M io/channel-websock.c
    M meson.build
    M qapi/crypto.json
    M qemu-options.hx
    M softmmu/qemu-seccomp.c
    M tests/migration/guestperf/engine.py
    M tests/unit/test-crypto-cipher.c
    M tests/unit/test-crypto-hash.c
    M tests/unit/test-crypto-hmac.c
    M tests/unit/test-crypto-ivgen.c
    M tests/unit/test-crypto-pbkdf.c
    M ui/vnc.c

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/berrange-gitlab/tags/crypto-and-more-pull-request' into staging

Merge crypto updates and misc fixes

 * Introduce a GNUTLS backend for crypto algorithms
 * Change crypto library preference gnutls > gcrypt > nettle > built-in
 * Remove built-in DES impl
 * Remove XTS mode from built-in AES impl
 * Fix seccomp rules to allow resource info getters
 * Fix migration performance test
 * Use GDateTime in io/ and net/rocker/ code
 * Improve docs for -smp

# gpg: Signature made Wed 14 Jul 2021 15:08:00 BST
# gpg:                using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full]
# gpg:                 aka "Daniel P. Berrange <berrange@redhat.com>" [full]
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E  8E3F BE86 EBB4 1510 4FDF

* remotes/berrange-gitlab/tags/crypto-and-more-pull-request: (26 commits)
  qemu-options: rewrite help for -smp options
  qemu-options: tweak to show that CPU count is optional
  qemu-options: re-arrange CPU topology options
  docs: fix typo s/Intel/AMD/ in CPU model notes
  tests/migration: fix unix socket migration
  seccomp: don't block getters for resource control syscalls
  io: use GDateTime for formatting timestamp for websock headers
  net/rocker: use GDateTime for formatting timestamp in debug messages
  crypto: prefer gnutls as the crypto backend if new enough
  crypto: add gnutls pbkdf provider
  crypto: add gnutls hmac provider
  crypto: add gnutls hash provider
  crypto: add gnutls cipher provider
  crypto: introduce build system for gnutls crypto backend
  crypto: flip priority of backends to prefer gcrypt
  crypto: replace 'des-rfb' cipher with 'des'
  crypto: delete built-in XTS cipher mode support
  crypto: delete built-in DES implementation
  crypto: add crypto tests for single block DES-ECB and DES-CBC
  crypto: drop custom XTS support in gcrypt driver
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


Compare: https://github.com/qemu/qemu/compare/438951e8839c...d4127349e316
