riscv
/
qemu
mirror of https://gitea.goldendeliverer.com/riscv/qemu.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
QEMU main repository: Please see https://www.qemu.org/docs/master/devel/submitting-a-patch.html for how to submit changes to QEMU. Pull Requests are ignored. Please only use release tarballs from the QEMU website. http://www.qemu.org
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
125676 Commits
68 Branches
448 Tags
581 MiB
Tree: 806108519c
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '806108519c'
${ noResults }
qemu/crypto/meson.build

76 lines
1.5 KiB
Raw Normal View History

meson: convert crypto directory to Meson Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
7 years ago
crypto_ss.add(genh)
crypto_ss.add(files(
'afsplit.c',
crypto: Introduce akcipher crypto class Introduce new akcipher crypto class 'QCryptoAkCIpher', which supports basic asymmetric operations: encrypt, decrypt, sign and verify. Suggested by Daniel P. Berrangé, also add autoptr cleanup for the new class. Thanks to Daniel! Co-developed-by: lei he <helei.sig11@bytedance.com> Signed-off-by: lei he <helei.sig11@bytedance.com> Signed-off-by: zhenwei pi <pizhenwei@bytedance.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
4 years ago
'akcipher.c',
meson: convert crypto directory to Meson Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
7 years ago
'block-luks.c',
'block-qcow.c',
'block.c',
'cipher.c',
crypto: add ASN.1 DER decoder Add an ANS.1 DER decoder which is used to parse asymmetric cipher keys Signed-off-by: zhenwei pi <pizhenwei@bytedance.com> Signed-off-by: lei he <helei.sig11@bytedance.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
4 years ago
'der.c',
meson: convert crypto directory to Meson Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
7 years ago
'hash.c',
'hmac.c',
'ivgen-essiv.c',
'ivgen-plain.c',
'ivgen-plain64.c',
'ivgen.c',
'pbkdf.c',
'secret_common.c',
'secret.c',
'tlscreds.c',
'tlscredsanon.c',
'tlscredspsk.c',
'tlscredsx509.c',
'tlssession.c',
crypto: Implement RSA algorithm by hogweed Implement RSA algorithm by hogweed from nettle. Thus QEMU supports a 'real' RSA backend to handle request from guest side. It's important to test RSA offload case without OS & hardware requirement. Signed-off-by: lei he <helei.sig11@bytedance.com> Signed-off-by: zhenwei pi <pizhenwei@bytedance.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
4 years ago
'rsakey.c',
meson: convert crypto directory to Meson Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
7 years ago
))
crypto: Introduce x509 utils An utility function for getting fingerprint from X.509 certificate has been introduced. Implementation only provided using gnutls. Signed-off-by: Dorjoy Chowdhury <dorjoychy111@gmail.com> [DB: fixed missing gnutls_x509_crt_deinit in success path] Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2 years ago
if gnutls.found()
crypto: introduce a wrapper around gnutls credentials The gnutls_credentials_set() method has a very suprising API contract that requires the caller to preserve the passed in credentials pointer for as long as the gnutls_session_t object is alive. QEMU is failing to ensure this happens. In QEMU the GNUTLS credentials object is owned by the QCryptoTLSCreds object instance while the GNUTLS session object is owned by the QCryptoTLSSession object instance. Their lifetimes are not guaranteed to be the same, though in most common usage the credentials will outlive the session. This is notably not the case, however, after the VNC server gained the ability to reload credentials on the fly with: commit 1f08e3415120637cad7f540d9ceb4dba3136dbdd Author: Zihao Chang <changzihao1@huawei.com> Date: Tue Mar 16 15:58:44 2021 +0800 vnc: support reload x509 certificates for vnc If that is triggered while a VNC client is in the middle of performing a TLS handshake, we might hit a use-after-free. It is difficult to correct this problem because there's no way to deep- clone a GNUTLS credentials object, nor is it reference counted. Thus we introduce a QCryptoTLSCredsBox object whose only purpose is to add reference counting around the GNUTLS credentials object. The DH parameters set against a credentials object also have to be kept alive for as long as the credentials exist. So the box must also hold the DH parameters pointer. Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
5 months ago
crypto_ss.add(files(
'tlscredsbox.c',
'x509-utils.c',
))
crypto: Introduce x509 utils An utility function for getting fingerprint from X.509 certificate has been introduced. Implementation only provided using gnutls. Signed-off-by: Dorjoy Chowdhury <dorjoychy111@gmail.com> [DB: fixed missing gnutls_x509_crt_deinit in success path] Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2 years ago
endif
configure, meson: convert crypto detection to meson Reviewed-by: Richard Henderson <richard.henderson@liaro.org> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5 years ago
if nettle.found()
crypto_ss.add(nettle, files('hash-nettle.c', 'hmac-nettle.c', 'pbkdf-nettle.c'))
crypto: Implement RSA algorithm by hogweed Implement RSA algorithm by hogweed from nettle. Thus QEMU supports a 'real' RSA backend to handle request from guest side. It's important to test RSA offload case without OS & hardware requirement. Signed-off-by: lei he <helei.sig11@bytedance.com> Signed-off-by: zhenwei pi <pizhenwei@bytedance.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
4 years ago
if hogweed.found()
crypto_ss.add(gmp, hogweed)
endif
configure, meson: convert crypto detection to meson Reviewed-by: Richard Henderson <richard.henderson@liaro.org> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5 years ago
elif gcrypt.found()
crypto_ss.add(gcrypt, files('hash-gcrypt.c', 'hmac-gcrypt.c', 'pbkdf-gcrypt.c'))
crypto: bump min gnutls to 3.7.5 Per repology, current shipping versions are: RHEL-9: 3.8.3 Debian 13: 3.8.9 openSUSE Leap 15: 3.8.3 Ubuntu LTS 22.04: 3.7.5 FreeBSD: 3.8.10 Fedora 42: 3.8.10 OpenBSD: 3.8.10 macOS HomeBrew: 3.8.10 Ubuntu 22.04 is our oldest constraint at this time. Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
5 months ago
elif gnutls.found()
crypto: add gnutls pbkdf provider This adds support for using gnutls as a provider of the crypto pbkdf APIs. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
5 years ago
crypto_ss.add(gnutls, files('hash-gnutls.c', 'hmac-gnutls.c', 'pbkdf-gnutls.c'))
meson: convert crypto directory to Meson Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
7 years ago
else
crypto: fix build with gcrypt enabled If nettle is disabled and gcrypt enabled, the compiler and linker flags needed for gcrypt are not passed. Gnutls was also not added as a dependancy when gcrypt is enabled. Attempting to add the library dependencies at the same time as the source dependencies is error prone, as there are alot of different rules for picking which sources to use, and some of the source files use code level conditionals intead. It is thus clearer to add the library dependencies separately. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20200901133050.381844-2-berrange@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Tested-by: Alex Bennée <alex.bennee@linaro.org> Tested-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
6 years ago
crypto_ss.add(files('hash-glib.c', 'hmac-glib.c', 'pbkdf-stub.c'))
meson: convert crypto directory to Meson Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
7 years ago
endif
meson, configure: move keyctl test to meson Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago
if have_keyring
crypto_ss.add(files('secret_keyring.c'))
endif
configure, meson: move AF_ALG test to meson Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago
if have_afalg
crypto_ss.add(if_true: files('afalg.c', 'cipher-afalg.c', 'hash-afalg.c'))
endif
crypto: only include tls-cipher-suites in emulators tls-cipher-suites is an object that is used to inject TLS configuration into the guest (via fw_cfg). It is never used for host-side TLS operation, and therefore it need not be available in the tools. Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
3 years ago
system_ss.add(when: gnutls, if_true: files('tls-cipher-suites.c'))
crypto: fix build with gcrypt enabled If nettle is disabled and gcrypt enabled, the compiler and linker flags needed for gcrypt are not passed. Gnutls was also not added as a dependancy when gcrypt is enabled. Attempting to add the library dependencies at the same time as the source dependencies is error prone, as there are alot of different rules for picking which sources to use, and some of the source files use code level conditionals intead. It is thus clearer to add the library dependencies separately. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20200901133050.381844-2-berrange@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Tested-by: Alex Bennée <alex.bennee@linaro.org> Tested-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
6 years ago
crypto: Add generic 8-bit carry-less multiply routines Reviewed-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
3 years ago
util_ss.add(files(
'aes.c',
'clmul.c',
'init.c',
'sm4.c',
))
crypto: introduce build system for gnutls crypto backend This introduces the build logic needed to decide whether we can use gnutls as a crypto driver backend. The actual implementations will be introduced in following patches. We only wish to use gnutls if it has version 3.6.14 or newer, because that is what finally brings HW accelerated AES-XTS mode for x86_64. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
5 years ago
if gnutls.found()
util_ss.add(gnutls)
endif
crypto: fix build with gcrypt enabled If nettle is disabled and gcrypt enabled, the compiler and linker flags needed for gcrypt are not passed. Gnutls was also not added as a dependancy when gcrypt is enabled. Attempting to add the library dependencies at the same time as the source dependencies is error prone, as there are alot of different rules for picking which sources to use, and some of the source files use code level conditionals intead. It is thus clearer to add the library dependencies separately. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20200901133050.381844-2-berrange@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Tested-by: Alex Bennée <alex.bennee@linaro.org> Tested-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
6 years ago
configure, meson: convert crypto detection to meson Reviewed-by: Richard Henderson <richard.henderson@liaro.org> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5 years ago
if gcrypt.found()
util_ss.add(gcrypt, files('random-gcrypt.c'))
elif gnutls.found()
util_ss.add(gnutls, files('random-gnutls.c'))
configure, meson: move some default-disabled options to meson_options.txt These do not depend on --with-default-features, so they become booleans in meson too. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5 years ago
elif get_option('rng_none')
libqemuutil, qapi, trace: convert to meson This shows how to do some "computations" in meson.build using its array and dictionary data structures, and also a basic usage of the sourceset module for conditional compilation. Notice the new "if have_system" part of util/meson.build, which fixes a bug in the old build system was buggy: util/dbus.c was built even for non-softmmu builds, but the dependency on -lgio was lost when the linking was done through libqemuutil.a. Because all of its users required gio otherwise, the bug was hidden. Meson instead propagates libqemuutil's dependencies down to its users, and shows the problem. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
6 years ago
util_ss.add(files('random-none.c'))
else
util_ss.add(files('random-platform.c'))
endif
crypto: fix build with gcrypt enabled If nettle is disabled and gcrypt enabled, the compiler and linker flags needed for gcrypt are not passed. Gnutls was also not added as a dependancy when gcrypt is enabled. Attempting to add the library dependencies at the same time as the source dependencies is error prone, as there are alot of different rules for picking which sources to use, and some of the source files use code level conditionals intead. It is thus clearer to add the library dependencies separately. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20200901133050.381844-2-berrange@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Tested-by: Alex Bennée <alex.bennee@linaro.org> Tested-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
6 years ago