You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
qemu/crypto
Daniel P. Berrangé 5a56f60d7c crypto: fully drop built-in cipher provider
When originally creating the internal crypto cipher APIs, they were
wired up to use the built-in D3DES and AES implementations, as a way
to gracefully transition to the new APIs without introducing an
immediate hard dep on any external crypto libraries for the VNC
password auth (D3DES) or the qcow2 encryption (AES).

In the 6.1.0 release we dropped the built-in D3DES impl, and also
the XTS mode for the AES impl, leaving only AES with ECB/CBC modes.
The rational was that with the system emulators, it is expected that
3rd party crypto libraries will be available.

The qcow2 LUKS impl is preferred to the legacy raw AES impl, and by
default that requires AES in XTS mode, limiting the usefulness of
the built-in cipher provider.

The built-in AES impl has known timing attacks and is only suitable
for use cases where a security boundary is already not expected to
be provided (TCG).

Providing a built-in cipher impl thus potentially misleads users,
should they configure a QEMU without any crypto library, and try
to use it with the LUKS backend, even if that requires a non-default
configuration choice.

Complete what we started in 6.1.0 and purge the remaining AES
support.

Use of either gnutls, nettle, or libcrypt is now mandatory for any
cipher support, except for TCG impls.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2 weeks ago
..
aes.c target/riscv: Use existing lookup tables for MixColumns 2 years ago
afalg.c qapi/crypto: Rename QCryptoAFAlg to QCryptoAFAlgo 9 months ago
afalgpriv.h qapi/crypto: Rename QCryptoAFAlg to QCryptoAFAlgo 9 months ago
afsplit.c qapi/crypto: Rename QCryptoHashAlgorithm to *Algo, and drop prefix 9 months ago
akcipher-gcrypt.c.inc include: Rename sysemu/ -> system/ 6 months ago
akcipher-nettle.c.inc include: Rename sysemu/ -> system/ 6 months ago
akcipher.c qapi/crypto: Rename QCryptoAkCipherAlgorithm to *Algo, and drop prefix 9 months ago
akcipherpriv.h qapi/crypto: Rename QCryptoAkCipherAlgorithm to *Algo, and drop prefix 9 months ago
block-luks-priv.h crypto: Clean up includes 2 years ago
block-luks.c qapi/crypto: Rename QCryptoIVGenAlgorithm to *Algo, and drop prefix 9 months ago
block-luks.h crypto: Fix LGPL information in the file headers 6 years ago
block-qcow.c qapi/crypto: Rename QCryptoIVGenAlgorithm to *Algo, and drop prefix 9 months ago
block-qcow.h crypto: Fix LGPL information in the file headers 6 years ago
block.c qapi/crypto: Rename QCryptoCipherAlgorithm to *Algo, and drop prefix 9 months ago
blockpriv.h qapi/crypto: Rename QCryptoCipherAlgorithm to *Algo, and drop prefix 9 months ago
cipher-afalg.c qapi/crypto: Rename QCryptoAFAlg to QCryptoAFAlgo 9 months ago
cipher-gcrypt.c.inc qapi/crypto: Rename QCryptoCipherAlgorithm to *Algo, and drop prefix 9 months ago
cipher-gnutls.c.inc qapi/crypto: Rename QCryptoCipherAlgorithm to *Algo, and drop prefix 9 months ago
cipher-nettle.c.inc qapi/crypto: Rename QCryptoCipherAlgorithm to *Algo, and drop prefix 9 months ago
cipher-stub.c.inc crypto: fully drop built-in cipher provider 2 weeks ago
cipher.c crypto: fully drop built-in cipher provider 2 weeks ago
cipherpriv.h qapi/crypto: Rename QCryptoCipherAlgorithm to *Algo, and drop prefix 9 months ago
clmul.c crypto: Add generic 64-bit carry-less multiply routine 2 years ago
der.c crypto: Remove unused DER string functions 8 months ago
der.h crypto: Remove unused DER string functions 8 months ago
hash-afalg.c overall: Remove unnecessary g_strdup_printf() calls 4 months ago
hash-gcrypt.c crypto: perform runtime check for hash/hmac support in gcrypt 7 months ago
hash-glib.c crypto/hash: avoid overwriting user supplied result pointer 8 months ago
hash-gnutls.c crypto/hash: avoid overwriting user supplied result pointer 8 months ago
hash-nettle.c crypto: Introduce SM3 hash hmac pbkdf algorithm 7 months ago
hash.c crypto: Introduce SM3 hash hmac pbkdf algorithm 7 months ago
hashpriv.h crypto/hashpriv: Remove old hash API function 8 months ago
hmac-gcrypt.c crypto: perform runtime check for hash/hmac support in gcrypt 7 months ago
hmac-glib.c qapi/crypto: Rename QCryptoHashAlgorithm to *Algo, and drop prefix 9 months ago
hmac-gnutls.c qapi/crypto: Rename QCryptoHashAlgorithm to *Algo, and drop prefix 9 months ago
hmac-nettle.c crypto: Introduce SM3 hash hmac pbkdf algorithm 7 months ago
hmac.c qapi/crypto: Rename QCryptoHashAlgorithm to *Algo, and drop prefix 9 months ago
hmacpriv.h qapi/crypto: Rename QCryptoAFAlg to QCryptoAFAlgo 9 months ago
init.c crypto: drop gnutls debug logging support 11 months ago
ivgen-essiv.c crypto: Fix LGPL information in the file headers 6 years ago
ivgen-essiv.h crypto: Fix LGPL information in the file headers 6 years ago
ivgen-plain.c crypto: Fix LGPL information in the file headers 6 years ago
ivgen-plain.h Clean up ill-advised or unusual header guards 3 years ago
ivgen-plain64.c crypto: Fix LGPL information in the file headers 6 years ago
ivgen-plain64.h crypto: Fix LGPL information in the file headers 6 years ago
ivgen.c qapi/crypto: Rename QCryptoIVGenAlgorithm to *Algo, and drop prefix 9 months ago
ivgenpriv.h qapi/crypto: Rename QCryptoIVGenAlgorithm to *Algo, and drop prefix 9 months ago
meson.build crypto: Introduce x509 utils 9 months ago
pbkdf-gcrypt.c crypto: Introduce SM3 hash hmac pbkdf algorithm 7 months ago
pbkdf-gnutls.c qapi/crypto: Rename QCryptoHashAlgorithm to *Algo, and drop prefix 9 months ago
pbkdf-nettle.c crypto: Introduce SM3 hash hmac pbkdf algorithm 7 months ago
pbkdf-stub.c qapi/crypto: Rename QCryptoHashAlgorithm to *Algo, and drop prefix 9 months ago
pbkdf.c crypto: fix bogus error benchmarking pbkdf on fast machines 5 months ago
random-gcrypt.c crypto: Fix LGPL information in the file headers 6 years ago
random-gnutls.c crypto: Fix LGPL information in the file headers 6 years ago
random-none.c crypto: add "none" random provider 5 years ago
random-platform.c crypto: Fix LGPL information in the file headers 6 years ago
rsakey-builtin.c.inc qapi/crypto: Drop unwanted 'prefix' 9 months ago
rsakey-nettle.c.inc qapi/crypto: Drop unwanted 'prefix' 9 months ago
rsakey.c crypto: Support export akcipher to pkcs8 3 years ago
rsakey.h crypto: Support export akcipher to pkcs8 3 years ago
secret.c qom: Have class_init() take a const data argument 1 month ago
secret_common.c qom: Make InterfaceInfo[] uses const 1 month ago
secret_keyring.c qom: Have class_init() take a const data argument 1 month ago
sm4.c crypto: Add SM4 constant parameter CK 2 years ago
tls-cipher-suites.c qom: Make InterfaceInfo[] uses const 1 month ago
tlscreds.c qom: Have class_init() take a const data argument 1 month ago
tlscredsanon.c qom: Make InterfaceInfo[] uses const 1 month ago
tlscredspriv.h crypto: Make QCryptoTLSCreds* structures private 4 years ago
tlscredspsk.c qom: Make InterfaceInfo[] uses const 1 month ago
tlscredsx509.c qom: Make InterfaceInfo[] uses const 1 month ago
tlssession.c crypto: Remove qcrypto_tls_session_get_handshake_status 4 months ago
trace-events docs: fix references to docs/devel/tracing.rst 4 years ago
trace.h trace: switch position of headers to what Meson requires 5 years ago
x509-utils.c qapi/crypto: Rename QCryptoHashAlgorithm to *Algo, and drop prefix 9 months ago
xts.c crypto: Fix LGPL information in the file headers 6 years ago