Merge tag 'crypto-fixes-pull-request' of https://gitlab.com/berrange/qemu into staging

Various crypto fixes

* Support sha384 with glib crypto backend
* Improve error reporting for unsupported cip

Merge tag 'crypto-fixes-pull-request' of https://gitlab.com/berrange/qemu into staging

Various crypto fixes

* Support sha384 with glib crypto backend
* Improve error reporting for unsupported cipher modes
* Avoid memory leak when bad cipher mode is given
* Run pbkdf tests on macOS
* Runtime check for pbkdf hash impls with gnutls & gcrypt
* Avoid hangs counter pbkdf iterations on some Linux kernels
by using a throwaway thread for benchmarking performance
* Fix iotests expected output from gnutls errors

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEE2vOm/bJrYpEtDo4/vobrtBUQT98FAmbfAy4ACgkQvobrtBUQ
# T99ZLhAAomQ7GeUNYM2/Fh9VptSAy9nddp7WwMd2egTZ+wPMnvalxXiMupf0WNzb
# 3CJtXojeNCCV8PtBuTmlCmLg+HxFA+zQgkizS9WqUOMies54woGrwQCUIlyez1Au
# Y2+9GbRRrkJA860R1aK2EJI5C2ofJf+CJd/nWSxsTzZSPu6Iu3V9ZahSdAq8o96R
# AMh//6MOuX5pauyTYLXL3jpxEJEM4YjQ/+AF8D5FYustcN1Icjv2KPL1PArwUOTe
# m1NZtcWLxZpmis5vXO8davMbB16bda6YUxuBQ++pFlF3ars7U2JldZ4DIqECAKkI
# sxtw6Wq/IjdVwyJLj/+c7CX3/T1p4IuJ8ch6sfVnQz1KUf2NxPtBwSXqQneLUa2G
# b46swxL695nCBYkbcfgWYfL5BaU1b0W8Xkk4sRoTNN5tDcYOuE9nMTMu71pHifmz
# 1itkxvLdLkwH7mxzTAxVV+vdQk3KiXlmt42/hOJMgAC3WRp2JJsEv64Jpq9huooA
# a+7fM5c2r3b77q7hjIwp8X6HmNehCt2KQiGvn0DvMmqb22r/RT9VzE89iNhPNSUx
# rCj7b2+19Xrfe1wxwl07GJ7yUXX4XIcphH66iO9nu1RQDBATqNSiJ/dHCfP9iiEP
# 7PHf4krOSzA+wL67FP+u8x0sVhpPmbPRvU8VW4+D+Av91TK5wo0=
# =wLAZ
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 09 Sep 2024 15:16:14 BST
# gpg: using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full]
# gpg: aka "Daniel P. Berrange <berrange@redhat.com>" [full]
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF

* tag 'crypto-fixes-pull-request' of https://gitlab.com/berrange/qemu:
crypto: Introduce x509 utils
crypto: Support SHA384 hash when using glib
crypto: Define macros for hash algorithm digest lengths
crypto: use consistent error reporting pattern for unsupported cipher modes
crypto: avoid leak of ctx when bad cipher mode is given
tests/unit: build pbkdf test on macOS
tests/unit: always build the pbkdf crypto unit test
crypto: check gnutls & gcrypt support the requested pbkdf hash
crypto: run qcrypto_pbkdf2_count_iters in a new thread
iotests: fix expected output from gnutls

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

crypto: Introduce x509 utils

An utility function for getting fingerprint from X.509 certificate
has been introduced. Implementation only provided using gnutls.

Signed-off-by: Dorjoy Chowdhury <dorj

crypto: Introduce x509 utils

An utility function for getting fingerprint from X.509 certificate
has been introduced. Implementation only provided using gnutls.

Signed-off-by: Dorjoy Chowdhury <dorjoychy111@gmail.com>
[DB: fixed missing gnutls_x509_crt_deinit in success path]
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

show more ...

Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* fix from optionrom build
* fix for KVM on Apple M2
* introduce machine property "audiodev"
* ui/vnc: Require audiodev= to e

Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* fix from optionrom build
* fix for KVM on Apple M2
* introduce machine property "audiodev"
* ui/vnc: Require audiodev= to enable audio
* audio: remove QEMU_AUDIO_* and -audio-help support
* audio: forbid using default audiodev backend with -audiodev and -nodefaults
* remove compatibility code for old machine types
* make-release: do not ship dtc sources
* build system cleanups

# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmUb0QgUHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroOpnAf9EFXfGkXpqQ5Q8ZbVlVc5GQKofMHW
# OZwamTBlp/c07+QcQiMxwLhIW0iyDhrfdCjoFSUaTA8O10FM1YrFv4SkUryYb9B3
# bmoTl4NeLvmkxpC47GEeaaBfjyM0G/9Ip9Zsuqx3u+gSzwTbkEstA2u7gcsN0tL9
# VlhMSiV82uHhRC/DJYLxr+8bRYSIm1AeuI8K/O1yags85Kztf3UiQUhePIKLznMH
# BdORjD+i46xM1dE8ifpdsunm462cDWz/faAnIH0YVKBlshnQHXKTO+GDA/Fbfl51
# wFfupZXo93wwgawS7elAUzI+gwaKCPRHA8NDcukeO91hTzk6i14y04u5SQ==
# =nv64
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 03 Oct 2023 04:30:00 EDT
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu: (24 commits)
audio: forbid default audiodev backend with -nodefaults
audio: propagate Error * out of audio_init
vt82c686 machines: Support machine-default audiodev with fallback
hw/ppc: Support machine-default audiodev with fallback
hw/arm: Support machine-default audiodev with fallback
Introduce machine property "audiodev"
audio: remove QEMU_AUDIO_* and -audio-help support
audio: simplify flow in audio_init
audio: commonize voice initialization
audio: return Error ** from audio_state_by_name
audio: allow returning an error from the driver init
audio: Require AudioState in AUD_add_capture
ui/vnc: Require audiodev= to enable audio
crypto: only include tls-cipher-suites in emulators
scsi-disk: ensure that FORMAT UNIT commands are terminated
esp: restrict non-DMA transfer length to that of available data
esp: use correct type for esp_dma_enable() in sysbus_esp_gpio_demux()
Makefile: build plugins before running TCG tests
meson: clean up static_library keyword arguments
make-release: do not ship dtc sources
...

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

show more ...

crypto: only include tls-cipher-suites in emulators

tls-cipher-suites is an object that is used to inject TLS configuration
into the guest (via fw_cfg). It is never used for host-side TLS
operation

crypto: only include tls-cipher-suites in emulators

tls-cipher-suites is an object that is used to inject TLS configuration
into the guest (via fw_cfg). It is never used for host-side TLS
operation, and therefore it need not be available in the tools.

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

Merge tag 'pull-crypto-20230915' of https://gitlab.com/rth7680/qemu into staging

Unify implementation of carry-less multiply.
Accelerate carry-less multiply for 64x64->128.

# -----BEGIN PGP SIGNATU

Merge tag 'pull-crypto-20230915' of https://gitlab.com/rth7680/qemu into staging

Unify implementation of carry-less multiply.
Accelerate carry-less multiply for 64x64->128.

# -----BEGIN PGP SIGNATURE-----
#
# iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmUEiPodHHJpY2hhcmQu
# aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV/akgf/XkiIeErWJr1YXSbS
# YPQtCsDAfIrqn3RiyQ2uwSn2eeuwVqTFFPGER04YegRDK8dyO874JBfvOwmBT70J
# I/aU8Z4BbRyNu9nfaCtFMlXQH9KArAKcAds1PnshfcnI5T2yBloZ1sAU97IuJFZk
# Uuz96H60+ohc4wzaUiPqPhXQStgZeSYwwAJB0s25DhCckdea0udRCAJ1tQTVpxkM
# wIFef1SHPoM6DtMzFKHLLUH6VivSlHjqx8GqFusa7pVqfQyDzNBfwvDl1F/bkE07
# yTocQEkV3QnZvIplhqUxAaZXIFZr9BNk7bDimMjHW6z3pNPN3T8zRn4trNjxbgPV
# jqzAtg==
# =8nnk
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 15 Sep 2023 12:40:26 EDT
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A 05C0 64DF 38E8 AF7E 215F

* tag 'pull-crypto-20230915' of https://gitlab.com/rth7680/qemu:
host/include/aarch64: Implement clmul.h
host/include/i386: Implement clmul.h
target/ppc: Use clmul_64
target/s390x: Use clmul_64
target/i386: Use clmul_64
target/arm: Use clmul_64
crypto: Add generic 64-bit carry-less multiply routine
target/ppc: Use clmul_32* routines
target/s390x: Use clmul_32* routines
target/arm: Use clmul_32* routines
crypto: Add generic 32-bit carry-less multiply routines
target/ppc: Use clmul_16* routines
target/s390x: Use clmul_16* routines
target/arm: Use clmul_16* routines
crypto: Add generic 16-bit carry-less multiply routines
target/ppc: Use clmul_8* routines
target/s390x: Use clmul_8* routines
target/arm: Use clmul_8* routines
crypto: Add generic 8-bit carry-less multiply routines

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

show more ...

crypto: Add generic 8-bit carry-less multiply routines

Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Merge tag 'ak-pull-request' of https://gitlab.com/berrange/qemu into staging

Merge asymmetric cipher crypto support

This extends the internal crypto APIs to support the use of asymmetric
ciphers.

Merge tag 'ak-pull-request' of https://gitlab.com/berrange/qemu into staging

Merge asymmetric cipher crypto support

This extends the internal crypto APIs to support the use of asymmetric
ciphers.

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEE2vOm/bJrYpEtDo4/vobrtBUQT98FAmKPWdgACgkQvobrtBUQ
# T9/dXA//XozeQbIK9y/1wb60LXiqHiHDMi8Ct1oEpNsLaL4lsp09VjtmxggqMfad
# MjxQjKdOVMVPISRnrKCJQ6qiGKQB7C/php1ZxOPdG4zgf2Ofl312GHZCLjqLkpB8
# KnhdFB31coI45EQ+agk5ZO8Baml85yY4sALLofGXV3xatJswH1HoMAmDATe5ebko
# ox7qd/S9Q4bpZA4v+8fUbvX2zI95hZta8+4d2Irx542gO8KibYKRVmffJhcKx6hy
# 4x7iTEaGQQn3DFMbVxsvb4wLwx1v8sSS6C2rHuGZY67ZzDnYhAdaHG9CaWR3uvtS
# vs7EcEWqn45SfJ/FaYUyon/btsawJrXP9NISmns4J6TYoN6sJJVxk9T9A/hlqtEE
# /iwTfp/Se+o2JDLgC+JHQz8maj4igloGNhF8+u4lXBLEpT7tlvaxhkrcPo9Um7ay
# bWpmLoxVN5vEvOnsrfLhK6LGPIzfjP4tYX0xwWy5Lm/DZ1LinJOONPXjArFr3TaQ
# rcS6L15ZaiFu9bYUyN1Uf7V7VydiVV8RlkuTqJ614gSX0v+GCMR1J+0WsQ4DtPlT
# G6WP0EnnD4Ulg9XpSMte2GXKQ0d8c7hTKr3/RW+BuvvgP5T4P7guBTRhmufRiip6
# BByKpXrQ72yGm6U+nTtEVFdUWVER31U0ufsW64hdM+LGfiG7fUE=
# =X589
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 26 May 2022 03:43:36 AM PDT
# gpg: using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full]
# gpg: aka "Daniel P. Berrange <berrange@redhat.com>" [full]

* tag 'ak-pull-request' of https://gitlab.com/berrange/qemu:
tests/crypto: Add test suite for RSA keys
test/crypto: Add test suite for crypto akcipher
crypto: Implement RSA algorithm by gcrypt
crypto: Implement RSA algorithm by hogweed
crypto: add ASN.1 DER decoder
crypto: Introduce akcipher crypto class
qapi: crypto-akcipher: Introduce akcipher types to qapi

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

show more ...

crypto: Implement RSA algorithm by hogweed

Implement RSA algorithm by hogweed from nettle. Thus QEMU supports
a 'real' RSA backend to handle request from guest side. It's
important to test RSA offlo

crypto: Implement RSA algorithm by hogweed

Implement RSA algorithm by hogweed from nettle. Thus QEMU supports
a 'real' RSA backend to handle request from guest side. It's
important to test RSA offload case without OS & hardware requirement.

Signed-off-by: lei he <helei.sig11@bytedance.com>
Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

show more ...

crypto: add ASN.1 DER decoder

Add an ANS.1 DER decoder which is used to parse asymmetric
cipher keys

Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
Signed-off-by: lei he <helei.sig11@bytedance

crypto: add ASN.1 DER decoder

Add an ANS.1 DER decoder which is used to parse asymmetric
cipher keys

Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
Signed-off-by: lei he <helei.sig11@bytedance.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

show more ...

crypto: Introduce akcipher crypto class

Introduce new akcipher crypto class 'QCryptoAkCIpher', which supports
basic asymmetric operations: encrypt, decrypt, sign and verify.

Suggested by Daniel P.

crypto: Introduce akcipher crypto class

Introduce new akcipher crypto class 'QCryptoAkCIpher', which supports
basic asymmetric operations: encrypt, decrypt, sign and verify.

Suggested by Daniel P. Berrangé, also add autoptr cleanup for the new
class. Thanks to Daniel!

Co-developed-by: lei he <helei.sig11@bytedance.com>
Signed-off-by: lei he <helei.sig11@bytedance.com>
Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

show more ...

Merge tag 'pull-riscv-to-apply-20220429' of github.com:alistair23/qemu into staging

Second RISC-V PR for QEMU 7.1

* Improve device tree generation
* Support configuarable marchid, mvendorid, mipi

Merge tag 'pull-riscv-to-apply-20220429' of github.com:alistair23/qemu into staging

Second RISC-V PR for QEMU 7.1

* Improve device tree generation
* Support configuarable marchid, mvendorid, mipid CSR values
* Add support for the Zbkb, Zbkc, Zbkx, Zknd/Zkne, Zknh, Zksed/Zksh and Zkr extensions
* Fix incorrect PTE merge in walk_pte
* Add TPM support to the virt board

# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCAAdFiEE9sSsRtSTSGjTuM6PIeENKd+XcFQFAmJraeUACgkQIeENKd+X
# cFRLjgf9GFmxPhOC8cb7wN6xsiJIiVmmcTGHKfUgFTAIR2KLOEm2fo28YNrgewok
# Hi7FBHLhYKEivz70GFVg7q6oJlqhYx8fL4AB0sodTetIcJGQPQgz8zN7ZD8utnzA
# d6n7ZruyW5IuUqCBUcsHNqBHxoYanR88rr6YpxU+nSz0WALYRgQliXm5zqK1rwNc
# v8HpLHyN7JUmAQmJ1U6Uc6IFi/cFn9e/Hs/uRMevKov2nCTxeeAq5G2r8JGKpx35
# VRid91dcWbGiRY1xHWqnl/0WZxl8Jp4av1e5NDbXfwYPvwiI2fza5KFasp2S38yR
# VvnUcI+p73qclCF7LkfL9c//xQT1iA==
# =Xkoz
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 28 Apr 2022 09:30:29 PM PDT
# gpg: using RSA key F6C4AC46D4934868D3B8CE8F21E10D29DF977054
# gpg: Good signature from "Alistair Francis <alistair@alistair23.me>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: F6C4 AC46 D493 4868 D3B8 CE8F 21E1 0D29 DF97 7054

* tag 'pull-riscv-to-apply-20220429' of github.com:alistair23/qemu: (25 commits)
hw/riscv: Enable TPM backends
hw/riscv: virt: Add device plug support
hw/riscv: virt: Add support for generating platform FDT entries
hw/riscv: virt: Create a platform bus
hw/core: Move the ARM sysbus-fdt to core
hw/riscv: virt: Add a machine done notifier
target/riscv: add scalar crypto related extenstion strings to isa_string
target/riscv: Fix incorrect PTE merge in walk_pte
target/riscv: rvk: expose zbk* and zk* properties
disas/riscv.c: rvk: add disas support for Zbk* and Zk* instructions
target/riscv: rvk: add CSR support for Zkr
target/riscv: rvk: add support for zksed/zksh extension
target/riscv: rvk: add support for sha512 related instructions for RV64 in zknh extension
target/riscv: rvk: add support for sha512 related instructions for RV32 in zknh extension
target/riscv: rvk: add support for sha256 related instructions in zknh extension
target/riscv: rvk: add support for zkne/zknd extension in RV64
target/riscv: rvk: add support for zknd/zkne extension in RV32
crypto: move sm4_sbox from target/arm
target/riscv: rvk: add support for zbkx extension
target/riscv: rvk: add support for zbkc extension
...

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

show more ...

crypto: move sm4_sbox from target/arm

- share it between target/arm and target/riscv

Signed-off-by: Weiwei Li <liweiwei@iscas.ac.cn>
Signed-off-by: Junqiang Wang <wangjunqiang@iscas.ac.cn>
Revie

crypto: move sm4_sbox from target/arm

- share it between target/arm and target/riscv

Signed-off-by: Weiwei Li <liweiwei@iscas.ac.cn>
Signed-off-by: Junqiang Wang <wangjunqiang@iscas.ac.cn>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220423023510.30794-6-liweiwei@iscas.ac.cn>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>

show more ...

Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* Bugfixes
* Meson conversions

# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmJqObcUHHBib

Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* Bugfixes
* Meson conversions

# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmJqObcUHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroPwFgf9GgktU8JPTr/PENuYJkJkcoDriPSk
# KC5w5XWMzHHtSQLDLYhA9boLVo4flsAmE+CBJ3dQlKNhR2uezEvFM3ndtQ7koQ3z
# 9svjBZ/z5HKooSxPgOrRE43JpRxUHEhcRFGIfu8AIfRz8xQZ5fD9I5sGCUcNlRRi
# gWBjh849pSGW0ukL+ADz86UzTCSQGVY5ia6vnyYhvE7vT/uvcDTSLTBXmj2EpDEg
# vJzQYvcApgCd8U+Aj5iNvryt4fnjdj0xaDdyIIkrKK0WA8wJw5u7YFl7RWrkmVQG
# 1K/rrkULJUlCpx/bHkgI88Wrd3t7G8EGFL0OkzKYfFHWv+XUfndtmxkkfg==
# =JLRA
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 27 Apr 2022 11:52:39 PM PDT
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [undefined]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
qemu-options: Limit the -enable-kvm option to the targets that support it
meson, configure: move --enable-module-upgrades to meson
meson: remove CONFIG_XEN_PCI_PASSTHROUGH from config-target.h
meson, configure: move libgio test to meson
meson, configure: move usbfs test to meson
meson, configure: move keyctl test to meson
meson, configure: move RDMA options to meson
configure, meson: move OpenGL check to meson
configure: move --enable/--disable-debug-info to second option parsing pass
configure: gcov should not exclude fortify-source
configure: pc-bios/qemu-icon.bmp does not exist
qga: wixl: get path to sysroot from pkg-config as intended
configure: remove dead code
meson: show final set of compiler flags
i386: pcmpestr 64-bit sign extension bug
remove -writeconfig
configure: make fortify_source=yes by default
error-report: fix g_date_time_format assertion

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

show more ...

meson, configure: move keyctl test to meson

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into staging

* More Meson conversions (0.59.x now required rather than suggested)
* UMIP support for TCG x86
* Fix migration c

Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into staging

* More Meson conversions (0.59.x now required rather than suggested)
* UMIP support for TCG x86
* Fix migration crash
* Restore error output for check-block

# gpg: Signature made Mon 21 Feb 2022 09:35:59 GMT
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83

* remotes/bonzini-gitlab/tags/for-upstream: (29 commits)
configure, meson: move CONFIG_IASL to a Meson option
meson, configure: move ntddscsi API check to meson
meson: require dynamic linking for VSS support
qga/vss-win32: require widl/midl, remove pre-built TLB file
meson: do not make qga/vss-win32/meson.build conditional on C++ presence
configure, meson: replace VSS SDK checks and options with --enable-vss-sdk
qga/vss: use standard windows headers location
qga/vss-win32: use widl if available
meson: drop --with-win-sdk
qga/vss-win32: fix midl arguments
meson: refine check for whether to look for virglrenderer
configure, meson: move guest-agent, tools to meson
configure, meson: move smbd options to meson_options.txt
configure, meson: move coroutine options to meson_options.txt
configure, meson: move some default-disabled options to meson_options.txt
meson: define qemu_cflags/qemu_ldflags
configure, meson: move block layer options to meson_options.txt
configure, meson: move image format options to meson_options.txt
configure, meson: cleanup qemu-ga libraries
configure, meson: move TPM check to meson
...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

configure, meson: move some default-disabled options to meson_options.txt

These do not depend on --with-default-features, so they become
booleans in meson too.

Signed-off-by: Paolo Bonzini <pbonzin

configure, meson: move some default-disabled options to meson_options.txt

These do not depend on --with-default-features, so they become
booleans in meson too.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

configure, meson: move AF_ALG test to meson

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Merge remote-tracking branch 'remotes/berrange-gitlab/tags/crypto-and-more-pull-request' into staging

Merge crypto updates and misc fixes

* Introduce a GNUTLS backend for crypto algorithms
* Chan

Merge remote-tracking branch 'remotes/berrange-gitlab/tags/crypto-and-more-pull-request' into staging

Merge crypto updates and misc fixes

* Introduce a GNUTLS backend for crypto algorithms
* Change crypto library preference gnutls > gcrypt > nettle > built-in
* Remove built-in DES impl
* Remove XTS mode from built-in AES impl
* Fix seccomp rules to allow resource info getters
* Fix migration performance test
* Use GDateTime in io/ and net/rocker/ code
* Improve docs for -smp

# gpg: Signature made Wed 14 Jul 2021 15:08:00 BST
# gpg: using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full]
# gpg: aka "Daniel P. Berrange <berrange@redhat.com>" [full]
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF

* remotes/berrange-gitlab/tags/crypto-and-more-pull-request: (26 commits)
qemu-options: rewrite help for -smp options
qemu-options: tweak to show that CPU count is optional
qemu-options: re-arrange CPU topology options
docs: fix typo s/Intel/AMD/ in CPU model notes
tests/migration: fix unix socket migration
seccomp: don't block getters for resource control syscalls
io: use GDateTime for formatting timestamp for websock headers
net/rocker: use GDateTime for formatting timestamp in debug messages
crypto: prefer gnutls as the crypto backend if new enough
crypto: add gnutls pbkdf provider
crypto: add gnutls hmac provider
crypto: add gnutls hash provider
crypto: add gnutls cipher provider
crypto: introduce build system for gnutls crypto backend
crypto: flip priority of backends to prefer gcrypt
crypto: replace 'des-rfb' cipher with 'des'
crypto: delete built-in XTS cipher mode support
crypto: delete built-in DES implementation
crypto: add crypto tests for single block DES-ECB and DES-CBC
crypto: drop custom XTS support in gcrypt driver
...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

crypto: add gnutls pbkdf provider

This adds support for using gnutls as a provider of the crypto
pbkdf APIs.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@

crypto: add gnutls pbkdf provider

This adds support for using gnutls as a provider of the crypto
pbkdf APIs.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

show more ...

crypto: add gnutls hash provider

This adds support for using gnutls as a provider of the crypto
hash APIs.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@re

crypto: add gnutls hash provider

This adds support for using gnutls as a provider of the crypto
hash APIs.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

show more ...

crypto: introduce build system for gnutls crypto backend

This introduces the build logic needed to decide whether we can
use gnutls as a crypto driver backend. The actual implementations
will be int

crypto: introduce build system for gnutls crypto backend

This introduces the build logic needed to decide whether we can
use gnutls as a crypto driver backend. The actual implementations
will be introduced in following patches. We only wish to use
gnutls if it has version 3.6.14 or newer, because that is what
finally brings HW accelerated AES-XTS mode for x86_64.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

show more ...

crypto: delete built-in XTS cipher mode support

The built-in AES+XTS implementation is used for the LUKS encryption
When building system emulators it is reasonable to expect that an
external crypto

crypto: delete built-in XTS cipher mode support

The built-in AES+XTS implementation is used for the LUKS encryption
When building system emulators it is reasonable to expect that an
external crypto library is being used instead. The performance of the
builtin XTS implementation is terrible as it has no CPU acceleration
support. It is thus not worth keeping a home grown XTS implementation
for the built-in cipher backend.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

show more ...

crypto: delete built-in DES implementation

The built-in DES implementation is used for the VNC server password
authentication scheme. When building system emulators it is reasonable
to expect that a

crypto: delete built-in DES implementation

The built-in DES implementation is used for the VNC server password
authentication scheme. When building system emulators it is reasonable
to expect that an external crypto library is being used. It is thus
not worth keeping a home grown DES implementation in tree.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

show more ...

Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into staging

* Some Meson test conversions
* KVM dirty page ring buffer fix
* KVM TSC scaling support
* Fixes for SG_IO with /

Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into staging

* Some Meson test conversions
* KVM dirty page ring buffer fix
* KVM TSC scaling support
* Fixes for SG_IO with /dev/sdX devices
* (Non)support for host devices on iOS
* -smp cleanups

# gpg: Signature made Fri 25 Jun 2021 15:16:18 BST
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83

* remotes/bonzini-gitlab/tags/for-upstream: (28 commits)
machine: reject -smp dies!=1 for non-PC machines
machine: pass QAPI struct to mc->smp_parse
machine: add error propagation to mc->smp_parse
machine: move common smp_parse code to caller
machine: move dies from X86MachineState to CpuTopology
file-posix: handle EINTR during ioctl
block: detect DKIOCGETBLOCKCOUNT/SIZE before use
block: try BSD disk size ioctls one after another
block: check for sys/disk.h
block: feature detection for host block support
file-posix: try BLKSECTGET on block devices too, do not round to power of 2
block: add max_hw_transfer to BlockLimits
block-backend: align max_transfer to request alignment
osdep: provide ROUND_DOWN macro
scsi-generic: pass max_segments via max_iov field in BlockLimits
file-posix: fix max_iov for /dev/sg devices
KVM: Fix dirty ring mmap incorrect size due to renaming accident
configure, meson: convert libusbredir detection to meson
configure, meson: convert libcacard detection to meson
configure, meson: convert libusb detection to meson
...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

configure, meson: convert crypto detection to meson

Reviewed-by: Richard Henderson <richard.henderson@liaro.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Paolo Bonzini <p

configure, meson: convert crypto detection to meson

Reviewed-by: Richard Henderson <richard.henderson@liaro.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...