mirror of https://gitlab.com/qemu-project/qemu
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
![]() When originally creating the internal crypto cipher APIs, they were wired up to use the built-in D3DES and AES implementations, as a way to gracefully transition to the new APIs without introducing an immediate hard dep on any external crypto libraries for the VNC password auth (D3DES) or the qcow2 encryption (AES). In the 6.1.0 release we dropped the built-in D3DES impl, and also the XTS mode for the AES impl, leaving only AES with ECB/CBC modes. The rational was that with the system emulators, it is expected that 3rd party crypto libraries will be available. The qcow2 LUKS impl is preferred to the legacy raw AES impl, and by default that requires AES in XTS mode, limiting the usefulness of the built-in cipher provider. The built-in AES impl has known timing attacks and is only suitable for use cases where a security boundary is already not expected to be provided (TCG). Providing a built-in cipher impl thus potentially misleads users, should they configure a QEMU without any crypto library, and try to use it with the LUKS backend, even if that requires a non-default configuration choice. Complete what we started in 6.1.0 and purge the remaining AES support. Use of either gnutls, nettle, or libcrypt is now mandatory for any cipher support, except for TCG impls. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> |
2 weeks ago | |
---|---|---|
.. | ||
aes.c | 2 years ago | |
afalg.c | 9 months ago | |
afalgpriv.h | 9 months ago | |
afsplit.c | 9 months ago | |
akcipher-gcrypt.c.inc | 6 months ago | |
akcipher-nettle.c.inc | 6 months ago | |
akcipher.c | 9 months ago | |
akcipherpriv.h | 9 months ago | |
block-luks-priv.h | 2 years ago | |
block-luks.c | 9 months ago | |
block-luks.h | 6 years ago | |
block-qcow.c | 9 months ago | |
block-qcow.h | 6 years ago | |
block.c | 9 months ago | |
blockpriv.h | 9 months ago | |
cipher-afalg.c | 9 months ago | |
cipher-gcrypt.c.inc | 9 months ago | |
cipher-gnutls.c.inc | 9 months ago | |
cipher-nettle.c.inc | 9 months ago | |
cipher-stub.c.inc | 2 weeks ago | |
cipher.c | 2 weeks ago | |
cipherpriv.h | 9 months ago | |
clmul.c | 2 years ago | |
der.c | 8 months ago | |
der.h | 8 months ago | |
hash-afalg.c | 4 months ago | |
hash-gcrypt.c | 7 months ago | |
hash-glib.c | 8 months ago | |
hash-gnutls.c | 8 months ago | |
hash-nettle.c | 7 months ago | |
hash.c | 7 months ago | |
hashpriv.h | 8 months ago | |
hmac-gcrypt.c | 7 months ago | |
hmac-glib.c | 9 months ago | |
hmac-gnutls.c | 9 months ago | |
hmac-nettle.c | 7 months ago | |
hmac.c | 9 months ago | |
hmacpriv.h | 9 months ago | |
init.c | 11 months ago | |
ivgen-essiv.c | 6 years ago | |
ivgen-essiv.h | 6 years ago | |
ivgen-plain.c | 6 years ago | |
ivgen-plain.h | 3 years ago | |
ivgen-plain64.c | 6 years ago | |
ivgen-plain64.h | 6 years ago | |
ivgen.c | 9 months ago | |
ivgenpriv.h | 9 months ago | |
meson.build | 9 months ago | |
pbkdf-gcrypt.c | 7 months ago | |
pbkdf-gnutls.c | 9 months ago | |
pbkdf-nettle.c | 7 months ago | |
pbkdf-stub.c | 9 months ago | |
pbkdf.c | 5 months ago | |
random-gcrypt.c | 6 years ago | |
random-gnutls.c | 6 years ago | |
random-none.c | 5 years ago | |
random-platform.c | 6 years ago | |
rsakey-builtin.c.inc | 9 months ago | |
rsakey-nettle.c.inc | 9 months ago | |
rsakey.c | 3 years ago | |
rsakey.h | 3 years ago | |
secret.c | 1 month ago | |
secret_common.c | 1 month ago | |
secret_keyring.c | 1 month ago | |
sm4.c | 2 years ago | |
tls-cipher-suites.c | 1 month ago | |
tlscreds.c | 1 month ago | |
tlscredsanon.c | 1 month ago | |
tlscredspriv.h | 4 years ago | |
tlscredspsk.c | 1 month ago | |
tlscredsx509.c | 1 month ago | |
tlssession.c | 4 months ago | |
trace-events | 4 years ago | |
trace.h | 5 years ago | |
x509-utils.c | 9 months ago | |
xts.c | 6 years ago |