[Qemu-commits] [qemu/qemu] b767d2: crypto: add "none" random provider


From: Peter Maydell
Subject: [Qemu-commits] [qemu/qemu] b767d2: crypto: add "none" random provider
Date: Tue, 16 Jun 2020 02:15:28 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: b767d2578da4a46ff5e353f14da6364b97df1020
      https://github.com/qemu/qemu/commit/b767d2578da4a46ff5e353f14da6364b97df1020
  Author: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
  Date:   2020-06-15 (Mon, 15 Jun 2020)

  Changed paths:
    M configure
    M crypto/Makefile.objs
    A crypto/random-none.c

  Log Message:
  -----------
  crypto: add "none" random provider

When no feature that needs random numbers is in use, it makes sense to
skip RNG init too. This is especially helpful when QEMU is sandboxed in a
Stubdomain under Xen, where there is very little entropy, so the initial
getrandom() call delays the startup by several seconds. In that setup, no
random bytes are needed at all.

Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>


  Commit: 4862bd3cd2052f1b48e4d08b1820e70a255c4859
      https://github.com/qemu/qemu/commit/4862bd3cd2052f1b48e4d08b1820e70a255c4859
  Author: Alexey Krasikov <alex-krasikov@yandex-team.ru>
  Date:   2020-06-15 (Mon, 15 Jun 2020)

  Changed paths:
    M crypto/Makefile.objs
    M crypto/secret.c
    A crypto/secret_common.c
    M include/crypto/secret.h
    A include/crypto/secret_common.h

  Log Message:
  -----------
  crypto/secret: move main logic from 'secret' to 'secret_common'.

Create base class 'common secret'. Move common data and logic from the
'secret' class to the 'common_secret' class. This allows adding an
abstraction layer, making it easier to add new 'secret' objects in future.
Convert the 'secret' class to a child of the basic 'secret_common' class
with 'data' and 'file' properties.

Signed-off-by: Alexey Krasikov <alex-krasikov@yandex-team.ru>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>


  Commit: 54e7aac0562452e4fcab65ca5001d030eef2de15
      https://github.com/qemu/qemu/commit/54e7aac0562452e4fcab65ca5001d030eef2de15
  Author: Alexey Krasikov <alex-krasikov@yandex-team.ru>
  Date:   2020-06-15 (Mon, 15 Jun 2020)

  Changed paths:
    M configure
    M crypto/Makefile.objs
    A crypto/secret_keyring.c
    A include/crypto/secret_keyring.h

  Log Message:
  -----------
  crypto/linux_keyring: add 'secret_keyring' secret object.

Add the ability for the secret object to obtain secret data from the
Linux in-kernel key management and retention facility, as an extra option
to the existing ones: reading from a file or passing directly as a
string.

The secret is identified by the key serial number. The upper layers
need to instantiate the key and make sure the QEMU process has access
permissions to read it.

Signed-off-by: Alexey Krasikov <alex-krasikov@yandex-team.ru>

 - Fixed up detection logic default behaviour in configure

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>


  Commit: 92500362210268faf4ae81644a66a7616d6bde1d
      https://github.com/qemu/qemu/commit/92500362210268faf4ae81644a66a7616d6bde1d
  Author: Alexey Krasikov <alex-krasikov@yandex-team.ru>
  Date:   2020-06-15 (Mon, 15 Jun 2020)

  Changed paths:
    M configure
    M tests/Makefile.include
    M tests/test-crypto-secret.c

  Log Message:
  -----------
  test-crypto-secret: add 'secret_keyring' object tests.

Add tests:
  test_secret_keyring_good;
  test_secret_keyring_revoked_key;
  test_secret_keyring_expired_key;
  test_secret_keyring_bad_serial_key;
  test_secret_keyring_bad_key_access_right;

Added tests require libkeyutils. The absence of this library is not
critical, because these tests will be skipped in this case.

Signed-off-by: Alexey Krasikov <alex-krasikov@yandex-team.ru>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>


  Commit: d6cca8e111696fbbd7c233dc53f9c80b6a43359d
      https://github.com/qemu/qemu/commit/d6cca8e111696fbbd7c233dc53f9c80b6a43359d
  Author: Richard W.M. Jones <rjones@redhat.com>
  Date:   2020-06-15 (Mon, 15 Jun 2020)

  Changed paths:
    M crypto/init.c

  Log Message:
  -----------
  crypto: Remove use of GCRYPT_VERSION macro.

According to the gcrypt documentation it's intended that
gcry_check_version() is called with the minimum version of gcrypt
needed by the program, not the version from the <gcrypt.h> header file
that happened to be installed when qemu was compiled.  Indeed the
gcrypt.h header says that you shouldn't use the GCRYPT_VERSION macro.

This causes the following failure:

  qemu-img: Unable to initialize gcrypt

if a slightly older version of libgcrypt is installed with a newer
qemu, even though the slightly older version works fine.  This can
happen with RPM packaging which uses symbol versioning to determine
automatically which libgcrypt is required by qemu, which caused the
following bug in RHEL 8:

  https://bugzilla.redhat.com/show_bug.cgi?id=1840485

qemu actually requires libgcrypt >= 1.5.0, so we might put the string
"1.5.0" here.  However since 1.5.0 was released in 2011, it hardly
seems we need to check that.  So I replaced GCRYPT_VERSION with NULL.
Perhaps in future if we move to requiring a newer version of gcrypt we
could put a literal string here.

Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>


  Commit: 53550e81e2cafe7c03a39526b95cd21b5194d9b1
      https://github.com/qemu/qemu/commit/53550e81e2cafe7c03a39526b95cd21b5194d9b1
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2020-06-15 (Mon, 15 Jun 2020)

  Changed paths:
    M configure
    M crypto/Makefile.objs
    M crypto/init.c
    A crypto/random-none.c
    M crypto/secret.c
    A crypto/secret_common.c
    A crypto/secret_keyring.c
    M include/crypto/secret.h
    A include/crypto/secret_common.h
    A include/crypto/secret_keyring.h
    M tests/Makefile.include
    M tests/test-crypto-secret.c

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/berrange/tags/qcrypto-next-pull-request' into staging

Misc crypto subsystem fixes

* Improve error message for large files when creating LUKS volumes
* Expand crypto hash benchmark coverage
* Misc code refactoring with no functional change

# gpg: Signature made Mon 15 Jun 2020 11:35:17 BST
# gpg:                using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full]
# gpg:                 aka "Daniel P. Berrange <berrange@redhat.com>" [full]
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E  8E3F BE86 EBB4 1510 4FDF

* remotes/berrange/tags/qcrypto-next-pull-request:
  crypto: Remove use of GCRYPT_VERSION macro.
  test-crypto-secret: add 'secret_keyring' object tests.
  crypto/linux_keyring: add 'secret_keyring' secret object.
  crypto/secret: move main logic from 'secret' to 'secret_common'.
  crypto: add "none" random provider

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


Compare: https://github.com/qemu/qemu/compare/7d3660e79830...53550e81e2ca
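
The failure described in the "crypto: Remove use of GCRYPT_VERSION macro." commit above, as an added example that is not QEMU or libgcrypt code. It assumes a stand-in function, model_check_version(), that follows the documented gcry_check_version() contract (a NULL request skips the comparison), and the version strings are constructed.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed value: version of the library present at run time. */
static const char *runtime_version = "1.8.3";

/* Parse "major.minor.micro"; returns 1 on success. */
static int parse_version(const char *s, int v[3])
{
    return sscanf(s, "%d.%d.%d", &v[0], &v[1], &v[2]) == 3;
}

/*
 * Hypothetical stand-in for gcry_check_version(): returns the runtime
 * version string if it is >= req, NULL otherwise. A NULL req returns
 * the version string without any comparison.
 */
static const char *model_check_version(const char *req)
{
    int have[3], want[3];

    if (req == NULL)
        return runtime_version;
    if (!parse_version(runtime_version, have) || !parse_version(req, want))
        return NULL;
    for (int i = 0; i < 3; i++) {
        if (have[i] > want[i])
            return runtime_version;
        if (have[i] < want[i])
            return NULL;
    }
    return runtime_version; /* equal versions satisfy the request */
}

/* Mirrors an init routine that fails when the check returns NULL. */
static int init_ok(const char *req)
{
    return model_check_version(req) != NULL;
}

int main(void)
{
    /* Constructed value: what the build host's header macro expanded to. */
    const char *header_version = "1.8.5";

    printf("request header version %s: %s\n", header_version,
           init_ok(header_version) ? "ok" : "Unable to initialize gcrypt");
    printf("request minimum 1.5.0: %s\n", init_ok("1.5.0") ? "ok" : "fail");
    printf("request NULL: %s\n", init_ok(NULL) ? "ok" : "fail");
    return 0;
}
```

Passing NULL removes the minimum-version gate entirely, so a literal minimum such as "1.5.0" is the form to use if a floor ever needs enforcing.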


