Merge remote-tracking branch 'remotes/berrange-gitlab/tags/tls-deps-pull-request' into staging

Hide build time dependancy on gnutls fom non-crypto code

# gpg: Signature made Wed 30 Jun 2021 12:18:4

Merge remote-tracking branch 'remotes/berrange-gitlab/tags/tls-deps-pull-request' into staging

Hide build time dependancy on gnutls fom non-crypto code

# gpg: Signature made Wed 30 Jun 2021 12:18:47 BST
# gpg: using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full]
# gpg: aka "Daniel P. Berrange <berrange@redhat.com>" [full]
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF

* remotes/berrange-gitlab/tags/tls-deps-pull-request:
crypto: Make QCryptoTLSCreds* structures private
ui/vnc: Use qcrypto_tls_creds_check_endpoint()
migration/tls: Use qcrypto_tls_creds_check_endpoint()
chardev/socket: Use qcrypto_tls_creds_check_endpoint()
qemu-nbd: Use qcrypto_tls_creds_check_endpoint()
block/nbd: Use qcrypto_tls_creds_check_endpoint()
crypto/tlscreds: Introduce qcrypto_tls_creds_check_endpoint() helper

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

crypto: Make QCryptoTLSCreds* structures private

Code consuming the "crypto/tlscreds*.h" APIs doesn't need
to access its internals. Move the structure definitions to
the "tlscredspriv.h" private hea

crypto: Make QCryptoTLSCreds* structures private

Code consuming the "crypto/tlscreds*.h" APIs doesn't need
to access its internals. Move the structure definitions to
the "tlscredspriv.h" private header (only accessible by
implementations). The public headers (in include/) still
forward-declare the structures typedef.

Note, tlscreds.c and 3 of the 5 modified source files already
include "tlscredspriv.h", so only add it to tls-cipher-suites.c
and tlssession.c.

Removing the internals from the public header solves a bug
introduced by commit 7de2e856533 ("yank: Unregister function
when using TLS migration") which made migration/qemu-file-channel.c
include "io/channel-tls.h", itself sometime depends on GNUTLS,
leading to a build failure on OSX:

[2/35] Compiling C object libmigration.fa.p/migration_qemu-file-channel.c.o
FAILED: libmigration.fa.p/migration_qemu-file-channel.c.o
cc -Ilibmigration.fa.p -I. -I.. -Iqapi [ ... ] -o libmigration.fa.p/migration_qemu-file-channel.c.o -c ../migration/qemu-file-channel.c
In file included from ../migration/qemu-file-channel.c:29:
In file included from include/io/channel-tls.h:26:
In file included from include/crypto/tlssession.h:24:
include/crypto/tlscreds.h:28:10: fatal error: 'gnutls/gnutls.h' file not found
#include <gnutls/gnutls.h>
^~~~~~~~~~~~~~~~~
1 error generated.

Reported-by: Stefan Weil <sw@weilnetz.de>
Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/407
Fixes: 7de2e856533 ("yank: Unregister function when using TLS migration")
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

show more ...

Merge remote-tracking branch 'remotes/ehabkost/tags/machine-next-pull-request' into staging

QOM boilerplate cleanup

Documentation build fix:
* memory: Remove kernel-doc comment marker (Eduardo Habk

Merge remote-tracking branch 'remotes/ehabkost/tags/machine-next-pull-request' into staging

QOM boilerplate cleanup

Documentation build fix:
* memory: Remove kernel-doc comment marker (Eduardo Habkost)

QOM cleanups:
* Rename QOM macros for consistency between
TYPE_* and type checking constants (Eduardo Habkost)

QOM new macros:
* OBJECT_DECLARE_* and OBJECT_DEFINE_* macros (Daniel P. Berrangé)
* DECLARE_*_CHECKER macros (Eduardo Habkost)

Automated QOM boilerplate changes:
* Automated changes to use DECLARE_*_CHECKER (Eduardo Habkost
* Automated changes to use OBJECT_DECLARE* (Eduardo Habkost)

# gpg: Signature made Thu 10 Sep 2020 19:17:49 BST
# gpg: using RSA key 5A322FD5ABC4D3DBACCFD1AA2807936F984DC5A6
# gpg: issuer "ehabkost@redhat.com"
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>" [full]
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF D1AA 2807 936F 984D C5A6

* remotes/ehabkost/tags/machine-next-pull-request: (33 commits)
virtio-vga: Use typedef name for instance_size
vhost-user-vga: Use typedef name for instance_size
xilinx_axienet: Use typedef name for instance_size
lpc_ich9: Use typedef name for instance_size
omap_intc: Use typedef name for instance_size
xilinx_axidma: Use typedef name for instance_size
tusb6010: Rename TUSB to TUSB6010
pc87312: Rename TYPE_PC87312_SUPERIO to TYPE_PC87312
vfio: Rename PCI_VFIO to VFIO_PCI
usb: Rename USB_SERIAL_DEV to USB_SERIAL
sabre: Rename SABRE_DEVICE to SABRE
rs6000_mc: Rename RS6000MC_DEVICE to RS6000MC
filter-rewriter: Rename FILTER_COLO_REWRITER to FILTER_REWRITER
esp: Rename ESP_STATE to ESP
ahci: Rename ICH_AHCI to ICH9_AHCI
vmgenid: Rename VMGENID_DEVICE to TYPE_VMGENID
vfio: Rename VFIO_AP_DEVICE_TYPE to TYPE_VFIO_AP_DEVICE
dev-smartcard-reader: Rename CCID_DEV_NAME to TYPE_USB_CCID_DEV
ap-device: Rename AP_DEVICE_TYPE to TYPE_AP_DEVICE
gpex: Fix type checking function name
...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

Use DECLARE_*CHECKER* macros

Generated using:

$ ./scripts/codeconverter/converter.py -i \
--pattern=TypeCheckMacro $(git grep -l '' -- '*.[ch]')

Reviewed-by: Daniel P. Berrangé <berrange@redha

Use DECLARE_*CHECKER* macros

Generated using:

$ ./scripts/codeconverter/converter.py -i \
--pattern=TypeCheckMacro $(git grep -l '' -- '*.[ch]')

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Message-Id: <20200831210740.126168-12-ehabkost@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Message-Id: <20200831210740.126168-13-ehabkost@redhat.com>
Message-Id: <20200831210740.126168-14-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>

show more ...

Move QOM typedefs and add missing includes

Some typedefs and macros are defined after the type check macros.
This makes it difficult to automatically replace their
definitions with OBJECT_DECLARE_TY

Move QOM typedefs and add missing includes

Some typedefs and macros are defined after the type check macros.
This makes it difficult to automatically replace their
definitions with OBJECT_DECLARE_TYPE.

Patch generated using:

$ ./scripts/codeconverter/converter.py -i \
--pattern=QOMStructTypedefSplit $(git grep -l '' -- '*.[ch]')

which will split "typdef struct { ... } TypedefName"
declarations.

Followed by:

$ ./scripts/codeconverter/converter.py -i --pattern=MoveSymbols \
$(git grep -l '' -- '*.[ch]')

which will:
- move the typedefs and #defines above the type check macros
- add missing #include "qom/object.h" lines if necessary

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Message-Id: <20200831210740.126168-9-ehabkost@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Message-Id: <20200831210740.126168-10-ehabkost@redhat.com>
Message-Id: <20200831210740.126168-11-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>

show more ...

Merge remote-tracking branch 'remotes/berrange/tags/misc-next-pull-request' into staging

Merge misc fixes

A collection of patches I have fixing crypto code and other pieces
without an assigned main

Merge remote-tracking branch 'remotes/berrange/tags/misc-next-pull-request' into staging

Merge misc fixes

A collection of patches I have fixing crypto code and other pieces
without an assigned maintainer

* Fixes crypto function signatures to be compatible with
both old and new versions of nettle
* Fixes deprecation warnings on new nettle
* Fixes GPL license header typos
* Documents security implications of monitor usage
* Optimize linking of capstone to avoid it in tools

# gpg: Signature made Fri 19 Jul 2019 14:24:37 BST
# gpg: using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full]
# gpg: aka "Daniel P. Berrange <berrange@redhat.com>" [full]
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF

* remotes/berrange/tags/misc-next-pull-request:
crypto: Fix LGPL information in the file headers
doc: document that the monitor console is a privileged control interface
configure: only link capstone to emulation targets
crypto: fix function signatures for nettle 2.7 vs 3
crypto: switch to modern nettle AES APIs

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

crypto: Fix LGPL information in the file headers

It's either "GNU *Library* General Public License version 2" or "GNU
Lesser General Public License version *2.1*", but there was no "version
2.0" of

crypto: Fix LGPL information in the file headers

It's either "GNU *Library* General Public License version 2" or "GNU
Lesser General Public License version *2.1*", but there was no "version
2.0" of the "Lesser" license. So assume that version 2.1 is meant here.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

show more ...

Merge remote-tracking branch 'remotes/armbru/tags/pull-include-2016-07-12' into staging

Clean up #include "..." vs <...> and header guards

# gpg: Signature made Tue 12 Jul 2016 15:23:43 BST
# gpg:

Merge remote-tracking branch 'remotes/armbru/tags/pull-include-2016-07-12' into staging

Clean up #include "..." vs <...> and header guards

# gpg: Signature made Tue 12 Jul 2016 15:23:43 BST
# gpg: using RSA key 0x3870B400EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg: aka "Markus Armbruster <armbru@pond.sub.org>"
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653

* remotes/armbru/tags/pull-include-2016-07-12:
cris: Fix broken header guard in hw/cris/boot.h
Clean up decorations and whitespace around header guards
Clean up ill-advised or unusual header guards
libdecnumber: Don't error out on decNumberLocal.h re-inclusion
libdecnumber: Don't fool around with guards to avoid #include
Clean up header guards that don't match their file name
Drop Emacs local variables lists redundant with .dir-locals.el
spapr_pci: Include spapr.h instead of playing games with #error
tcg: Clean up tcg-target.h header guards
linux-user: Fix broken header guard in syscall_defs.h
linux-user: Clean up hostdep.h header guards
linux-user: Clean up target_structs.h header guards
linux-user: Clean up target_signal.h header guards
linux-user: Clean up target_cpu.h header guards
linux-user: Clean up target_syscall.h header guards
target-*: Clean up cpu.h header guards
scripts: New clean-header-guards.pl
Use #include "..." for our own headers, <...> for others

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

Clean up header guards that don't match their file name

Header guard symbols should match their file name to make guard
collisions less likely. Offenders found with
scripts/clean-header-guards.pl -

Clean up header guards that don't match their file name

Header guard symbols should match their file name to make guard
collisions less likely. Offenders found with
scripts/clean-header-guards.pl -vn.

Cleaned up with scripts/clean-header-guards.pl, followed by some
renaming of new guard symbols picked by the script to better ones.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>

show more ...

Merge remote-tracking branch 'remotes/berrange/tags/pull-qcrypto-secrets-base-2015-12-18-1' into staging

Merge QCryptoSecret object support

# gpg: Signature made Fri 18 Dec 2015 16:51:21 GMT using

Merge remote-tracking branch 'remotes/berrange/tags/pull-qcrypto-secrets-base-2015-12-18-1' into staging

Merge QCryptoSecret object support

# gpg: Signature made Fri 18 Dec 2015 16:51:21 GMT using RSA key ID 15104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>"
# gpg: aka "Daniel P. Berrange <berrange@redhat.com>"

* remotes/berrange/tags/pull-qcrypto-secrets-base-2015-12-18-1:
crypto: add support for loading encrypted x509 keys
crypto: add QCryptoSecret object class for password/key handling
qga: convert to use error checked base64 decode
qemu-char: convert to use error checked base64 decode
util: add base64 decoding function

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

crypto: add support for loading encrypted x509 keys

Make use of the QCryptoSecret object to support loading of
encrypted x509 keys. The optional 'passwordid' parameter
to the tls-creds-x509 object t

crypto: add support for loading encrypted x509 keys

Make use of the QCryptoSecret object to support loading of
encrypted x509 keys. The optional 'passwordid' parameter
to the tls-creds-x509 object type, provides the ID of a
secret object instance that holds the decryption password
for the PEM file.

# printf "123456" > mypasswd.txt
# $QEMU \
-object secret,id=sec0,filename=mypasswd.txt \
-object tls-creds-x509,passwordid=sec0,id=creds0,\
dir=/home/berrange/.pki/qemu,endpoint=server \
-vnc :1,tls-creds=creds0

This requires QEMU to be linked to GNUTLS >= 3.1.11. If
GNUTLS is too old an error will be reported if an attempt
is made to pass a decryption password.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

show more ...

Merge remote-tracking branch 'remotes/berrange/tags/vnc-crypto-v9-for-upstream' into staging

Merge vnc-crypto-v9

# gpg: Signature made Tue 15 Sep 2015 15:32:38 BST using RSA key ID 15104FDF
# gpg:

Merge remote-tracking branch 'remotes/berrange/tags/vnc-crypto-v9-for-upstream' into staging

Merge vnc-crypto-v9

# gpg: Signature made Tue 15 Sep 2015 15:32:38 BST using RSA key ID 15104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>"
# gpg: aka "Daniel P. Berrange <berrange@redhat.com>"

* remotes/berrange/tags/vnc-crypto-v9-for-upstream:
ui: convert VNC server to use QCryptoTLSSession
ui: fix return type for VNC I/O functions to be ssize_t
crypto: introduce new module for handling TLS sessions
crypto: add sanity checking of TLS x509 credentials
crypto: introduce new module for TLS x509 credentials
crypto: introduce new module for TLS anonymous credentials
crypto: introduce new base module for TLS credentials
qom: allow QOM to be linked into tools binaries
crypto: move crypto objects out of libqemuutil.la
tests: remove repetition in unit test object deps
qapi: allow override of default enum prefix naming

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

crypto: add sanity checking of TLS x509 credentials

If the administrator incorrectly sets up their x509 certificates,
the errors seen at runtime during connection attempts are very
obscure and diffi

crypto: add sanity checking of TLS x509 credentials

If the administrator incorrectly sets up their x509 certificates,
the errors seen at runtime during connection attempts are very
obscure and difficult to diagnose. This has been a particular
problem for people using openssl to generate their certificates
instead of the gnutls certtool, because the openssl tools don't
turn on the various x509 extensions that gnutls expects to be
present by default.

This change thus adds support in the TLS credentials object to
sanity check the certificates when QEMU first loads them. This
gives the administrator immediate feedback for the majority of
common configuration mistakes, reducing the pain involved in
setting up TLS. The code is derived from equivalent code that
has been part of libvirt's TLS support and has been seen to be
valuable in assisting admins.

It is possible to disable the sanity checking, however, via
the new 'sanity-check' property on the tls-creds object type,
with a value of 'no'.

Unit tests are included in this change to verify the correctness
of the sanity checking code in all the key scenarios it is
intended to cope with. As part of the test suite, the pkix_asn1_tab.c
from gnutls is imported. This file is intentionally copied from the
(long since obsolete) gnutls 1.6.3 source tree, since that version
was still under GPLv2+, rather than the GPLv3+ of gnutls >= 2.0.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

show more ...

crypto: introduce new module for TLS x509 credentials

Introduce a QCryptoTLSCredsX509 class which is used to
manage x509 certificate TLS credentials. This will be
the preferred credential type offer

crypto: introduce new module for TLS x509 credentials

Introduce a QCryptoTLSCredsX509 class which is used to
manage x509 certificate TLS credentials. This will be
the preferred credential type offering strong security
characteristics

Example CLI configuration:

$QEMU -object tls-creds-x509,id=tls0,endpoint=server,\
dir=/path/to/creds/dir,verify-peer=yes

The 'id' value in the -object args will be used to associate the
credentials with the network services. For example, when the VNC
server is later converted it would use

$QEMU -object tls-creds-x509,id=tls0,.... \
-vnc 127.0.0.1:1,tls-creds=tls0

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>

show more ...