[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-commits] [qemu/qemu] e8e67c: crypto: switch to modern nettle AES A
From: |
Peter Maydell |
Subject: |
[Qemu-commits] [qemu/qemu] e8e67c: crypto: switch to modern nettle AES APIs |
Date: |
Fri, 19 Jul 2019 06:58:52 -0700 |
Branch: refs/heads/master
Home: https://github.com/qemu/qemu
Commit: e8e67ca4c17f4d525330d2d6b9b0a3cd19174c06
https://github.com/qemu/qemu/commit/e8e67ca4c17f4d525330d2d6b9b0a3cd19174c06
Author: Daniel P. Berrangé <address@hidden>
Date: 2019-07-19 (Fri, 19 Jul 2019)
Changed paths:
M crypto/cipher-nettle.c
Log Message:
-----------
crypto: switch to modern nettle AES APIs
The aes_ctx struct and aes_* functions have been deprecated in nettle
3.5, in favour of keysize specific functions which were introduced
first in nettle 3.0.
Switch QEMU code to use the new APIs and add some backcompat defines
such that it still builds on nettle 2.7
Reviewed-by: Alex Bennée <address@hidden>
Tested-by: Alex Bennée <address@hidden>
Signed-off-by: Daniel P. Berrangé <address@hidden>
Commit: f887849007312454574ebc1057a438beaa2916df
https://github.com/qemu/qemu/commit/f887849007312454574ebc1057a438beaa2916df
Author: Daniel P. Berrangé <address@hidden>
Date: 2019-07-19 (Fri, 19 Jul 2019)
Changed paths:
M crypto/hash-nettle.c
M crypto/hmac-nettle.c
Log Message:
-----------
crypto: fix function signatures for nettle 2.7 vs 3
Nettle version 2.7.x used 'unsigned int' instead of 'size_t' for length
parameters in functions. Use a local typedef so that we can build with
the correct signature depending on nettle version, as we already do in
the cipher code.
Reported-by: Amol Surati <address@hidden>
Reviewed-by: Alex Bennée <address@hidden>
Tested-by: Alex Bennée <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Signed-off-by: Daniel P. Berrangé <address@hidden>
Commit: 02f9135be6bbb4f1ec1ebe55d4d63a55836ea197
https://github.com/qemu/qemu/commit/02f9135be6bbb4f1ec1ebe55d4d63a55836ea197
Author: Daniel P. Berrangé <address@hidden>
Date: 2019-07-19 (Fri, 19 Jul 2019)
Changed paths:
M Makefile.target
M configure
Log Message:
-----------
configure: only link capstone to emulation targets
Only the emulators link to code that uses capstone, so adding it to the
global LIBs places undesirable dependancies on other binaries, in
particular the tools.
There is no variable that covers both user emulation and machine
emulation, so add a new "$libs_cpu" for this purpose.
In particular this removes the 8 MB capstone dep from the things
qemu-img links against, allowing for a more minimal installation
in scenarios that don't want system emulators installed.
Reviewed-by: Richard Henderson <address@hidden>
Signed-off-by: Daniel P. Berrangé <address@hidden>
Commit: 4f24430821c568936aeda417bbb00e989a9e1984
https://github.com/qemu/qemu/commit/4f24430821c568936aeda417bbb00e989a9e1984
Author: Daniel P. Berrangé <address@hidden>
Date: 2019-07-19 (Fri, 19 Jul 2019)
Changed paths:
M docs/security.texi
Log Message:
-----------
doc: document that the monitor console is a privileged control interface
A supposed exploit of QEMU was recently announced as CVE-2019-12928
claiming that the monitor console was insecure because the "migrate"
command enabled arbitrary command execution for a remote attacker.
To be a security risk the user launching QEMU must have configured
the monitor in a way that allows for other users to access it. The
exploit report quoted use of the "tcp" character device backend for
QMP.
This would indeed allow any network user to connect to QEMU and
execute arbitrary commands, however, this is not a flaw in QEMU.
It is the normal expected behaviour of the monitor console and the
commands it supports. Given a monitor connection, there are many
ways to access host file system content besides the migrate command.
The reality is that the monitor console (whether QMP or HMP) is
considered a privileged interface to QEMU and as such must only
be made available to trusted users. IOW, making it available with
no authentication over TCP is simply a, very serious, user
configuration error not a security flaw in QEMU itself.
The one thing this bogus security report highlights though is that
we have not clearly documented the security implications around the
use of the monitor. Add a few paragraphs of text to the security
docs explaining why the monitor is a privileged interface and making
a recommendation to only use the UNIX socket character device backend.
Reviewed-by: Stefan Hajnoczi <address@hidden>
Reviewed-by: Alex Bennée <address@hidden>
Reviewed-by: Markus Armbruster <address@hidden>
Reviewed-by: Prasad J Pandit <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Signed-off-by: Daniel P. Berrangé <address@hidden>
Commit: b7cbb8741b40b7cd4de9ad6bdb69baae4d6dadcf
https://github.com/qemu/qemu/commit/b7cbb8741b40b7cd4de9ad6bdb69baae4d6dadcf
Author: Thomas Huth <address@hidden>
Date: 2019-07-19 (Fri, 19 Jul 2019)
Changed paths:
M crypto/block-luks.c
M crypto/block-luks.h
M crypto/block-qcow.c
M crypto/block-qcow.h
M crypto/block.c
M crypto/blockpriv.h
M crypto/cipher-builtin.c
M crypto/cipher-gcrypt.c
M crypto/cipher-nettle.c
M crypto/cipher.c
M crypto/hash-gcrypt.c
M crypto/hash-glib.c
M crypto/hash-nettle.c
M crypto/hash.c
M crypto/init.c
M crypto/ivgen-essiv.c
M crypto/ivgen-essiv.h
M crypto/ivgen-plain.c
M crypto/ivgen-plain.h
M crypto/ivgen-plain64.c
M crypto/ivgen-plain64.h
M crypto/ivgen.c
M crypto/ivgenpriv.h
M crypto/pbkdf-gcrypt.c
M crypto/pbkdf-nettle.c
M crypto/pbkdf-stub.c
M crypto/pbkdf.c
M crypto/random-gcrypt.c
M crypto/random-gnutls.c
M crypto/random-platform.c
M crypto/secret.c
M crypto/tlscreds.c
M crypto/tlscredsanon.c
M crypto/tlscredspriv.h
M crypto/tlscredspsk.c
M crypto/tlscredsx509.c
M crypto/tlssession.c
M crypto/xts.c
M include/crypto/block.h
M include/crypto/cipher.h
M include/crypto/hash.h
M include/crypto/init.h
M include/crypto/ivgen.h
M include/crypto/pbkdf.h
M include/crypto/random.h
M include/crypto/secret.h
M include/crypto/tlscreds.h
M include/crypto/tlscredsanon.h
M include/crypto/tlscredspsk.h
M include/crypto/tlscredsx509.h
M include/crypto/tlssession.h
M include/crypto/xts.h
Log Message:
-----------
crypto: Fix LGPL information in the file headers
It's either "GNU *Library* General Public License version 2" or "GNU
Lesser General Public License version *2.1*", but there was no "version
2.0" of the "Lesser" license. So assume that version 2.1 is meant here.
Signed-off-by: Thomas Huth <address@hidden>
Signed-off-by: Daniel P. Berrangé <address@hidden>
Commit: e2b47666fe1544959c89bd3ed159e9e37cc9fc73
https://github.com/qemu/qemu/commit/e2b47666fe1544959c89bd3ed159e9e37cc9fc73
Author: Peter Maydell <address@hidden>
Date: 2019-07-19 (Fri, 19 Jul 2019)
Changed paths:
M Makefile.target
M configure
M crypto/block-luks.c
M crypto/block-luks.h
M crypto/block-qcow.c
M crypto/block-qcow.h
M crypto/block.c
M crypto/blockpriv.h
M crypto/cipher-builtin.c
M crypto/cipher-gcrypt.c
M crypto/cipher-nettle.c
M crypto/cipher.c
M crypto/hash-gcrypt.c
M crypto/hash-glib.c
M crypto/hash-nettle.c
M crypto/hash.c
M crypto/hmac-nettle.c
M crypto/init.c
M crypto/ivgen-essiv.c
M crypto/ivgen-essiv.h
M crypto/ivgen-plain.c
M crypto/ivgen-plain.h
M crypto/ivgen-plain64.c
M crypto/ivgen-plain64.h
M crypto/ivgen.c
M crypto/ivgenpriv.h
M crypto/pbkdf-gcrypt.c
M crypto/pbkdf-nettle.c
M crypto/pbkdf-stub.c
M crypto/pbkdf.c
M crypto/random-gcrypt.c
M crypto/random-gnutls.c
M crypto/random-platform.c
M crypto/secret.c
M crypto/tlscreds.c
M crypto/tlscredsanon.c
M crypto/tlscredspriv.h
M crypto/tlscredspsk.c
M crypto/tlscredsx509.c
M crypto/tlssession.c
M crypto/xts.c
M docs/security.texi
M include/crypto/block.h
M include/crypto/cipher.h
M include/crypto/hash.h
M include/crypto/init.h
M include/crypto/ivgen.h
M include/crypto/pbkdf.h
M include/crypto/random.h
M include/crypto/secret.h
M include/crypto/tlscreds.h
M include/crypto/tlscredsanon.h
M include/crypto/tlscredspsk.h
M include/crypto/tlscredsx509.h
M include/crypto/tlssession.h
M include/crypto/xts.h
Log Message:
-----------
Merge remote-tracking branch 'remotes/berrange/tags/misc-next-pull-request'
into staging
Merge misc fixes
A collection of patches I have fixing crypto code and other pieces
without an assigned maintainer
* Fixes crypto function signatures to be compatible with
both old and new versions of nettle
* Fixes deprecation warnings on new nettle
* Fixes GPL license header typos
* Documents security implications of monitor usage
* Optimize linking of capstone to avoid it in tools
# gpg: Signature made Fri 19 Jul 2019 14:24:37 BST
# gpg: using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <address@hidden>" [full]
# gpg: aka "Daniel P. Berrange <address@hidden>" [full]
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF
* remotes/berrange/tags/misc-next-pull-request:
crypto: Fix LGPL information in the file headers
doc: document that the monitor console is a privileged control interface
configure: only link capstone to emulation targets
crypto: fix function signatures for nettle 2.7 vs 3
crypto: switch to modern nettle AES APIs
Signed-off-by: Peter Maydell <address@hidden>
Compare: https://github.com/qemu/qemu/compare/c054147ecc85...e2b47666fe15
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Qemu-commits] [qemu/qemu] e8e67c: crypto: switch to modern nettle AES APIs,
Peter Maydell <=