From nobody Sun Nov 16 00:54:52 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1762177204; cv=none; d=zohomail.com; s=zohoarc; b=OQ9Z9BPAXgzlxzc6SGlfvA7maSI/Dr253JV9SVuVKZtWwi04yQcEbizD8G9FPa7HYLbZkOf7smzx508n3y2oz8dkqPlnXVDRIuAJzA4EhGrm0KXuofyS9YeLvvVKxWGacYFKRhtmePFHuQHIoLYbm49KNkcGtBmOk1ZQfPgUp14= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1762177204; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=7Co7PJ34fXM/JdygLYNIMosDdSA5UrYHDorKwVuhdI8=; b=GlnAajGiLaZbzNUcw1Gvv3c/4UWh8vPC7EX/LtiwVmO+jdUmx2qsiVQuQ9fz56AyRi+IYRmYoivcFpNkmt2eAYdJVhm/fNTZd0vO86VM1N/whroobdkbXYHb1UOnv/dpfoNGfXy6iyy4Mn31Qntuzd0cFzbAcV8lY754+Rb/MRU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1762177204972628.2224421323377; Mon, 3 Nov 2025 05:40:04 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vFulG-0005GU-5m; Mon, 03 Nov 2025 08:38:18 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFulE-0005Fa-AW for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:38:16 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFukt-0004MA-Kw for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:38:14 -0500 Received: from mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-441-Fkmc2nHaPKW5aMXWMQuY6w-1; Mon, 03 Nov 2025 08:37:47 -0500 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id C9178195605A; Mon, 3 Nov 2025 13:37:46 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.202]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id BE68A1800451; Mon, 3 Nov 2025 13:37:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1762177071; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=7Co7PJ34fXM/JdygLYNIMosDdSA5UrYHDorKwVuhdI8=; b=Fck7Et1fLP83s7eH+zbCfj0WxCN04zpGw6Kjb3s6c2Iwhppi/L/NdiQICi3MvWWq8mlLkx 3x31aGKAGZR5BIroTxvLTPWxe2xcrCWqqgSqARp+wExfG0jrSQdcjVVMU5M+Bdk8Sv1erO 1nMP4tq3vKk48WoD8aiCsrlYOj+9ThA= X-MC-Unique: Fkmc2nHaPKW5aMXWMQuY6w-1 X-Mimecast-MFC-AGG-ID: Fkmc2nHaPKW5aMXWMQuY6w_1762177067 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= , Fabiano Rosas , Paolo Bonzini , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , devel@lists.libvirt.org, Laurent Vivier , "Richard W.M. Jones" Subject: [PULL 01/32] Implement -run-with exit-with-parent=on Date: Mon, 3 Nov 2025 13:36:55 +0000 Message-ID: <20251103133727.423041-2-berrange@redhat.com> In-Reply-To: <20251103133727.423041-1-berrange@redhat.com> References: <20251103133727.423041-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_PASS=-0.001, T_SPF_HELO_TEMPERROR=0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1762177210649158500 From: Richard W.M. Jones Libguestfs wants to use qemu to run a captive appliance. When the program linked to libguestfs exits, we want qemu to be cleaned up. Libguestfs goes to great lengths to do this at the moment: it either forks a separate process to ensure clean-up is done, or it asks libvirt to clean up the qemu process. However this is complicated and not totally reliable. On Linux, FreeBSD and macOS, there are mechanisms to ensure a signal or message is delivered to a process when its parent process goes away. The qemu test suite even uses this mechanism on Linux (see PR_SET_PDEATHSIG in tests/qtest/libqtest.c). In nbdkit we have long had the concept of running nbdkit captively, and we have the nbdkit --exit-with-parent flag to help (https://libguestfs.org/nbdkit-captive.1.html#EXIT-WITH-PARENT) This commit adds the same mechanism. The syntax is: qemu -run-with exit-with-parent=3Don [...] This is not a feature that most typical users of qemu (for running general purpose, long-lived VMs) should use, so it defaults to off. The exit-with-parent.[ch] files are copied from nbdkit, where they have a 3-clause BSD license which is compatible with qemu: https://gitlab.com/nbdkit/nbdkit/-/tree/master/common/utils?ref_type=3Dheads Thanks: Daniel P. Berrang=C3=A9 Reviewed-by: Daniel P. Berrang=C3=A9 Signed-off-by: Richard W.M. Jones Signed-off-by: Daniel P. Berrang=C3=A9 --- include/qemu/exit-with-parent.h | 57 +++++++++++++ qemu-options.hx | 13 ++- system/exit-with-parent.c | 140 ++++++++++++++++++++++++++++++++ system/meson.build | 1 + system/vl.c | 13 +++ 5 files changed, 222 insertions(+), 2 deletions(-) create mode 100644 include/qemu/exit-with-parent.h create mode 100644 system/exit-with-parent.c diff --git a/include/qemu/exit-with-parent.h b/include/qemu/exit-with-paren= t.h new file mode 100644 index 0000000000..c00b863fe9 --- /dev/null +++ b/include/qemu/exit-with-parent.h @@ -0,0 +1,57 @@ +/* + * SPDX-License-Identifier: BSD-3-Clause + * Originally derived from nbdkit common/utils/exit-with-parent.h + * Copyright Red Hat + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * * Neither the name of Red Hat nor the names of its contributors may be + * used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY RED HAT AND CONTRIBUTORS ''AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, + * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF + * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef NBDKIT_EXIT_WITH_PARENT_H +#define NBDKIT_EXIT_WITH_PARENT_H + +/* Test if the feature is available on the platform. */ +static inline bool can_exit_with_parent(void) +{ +#if defined(__linux__) || defined(__FreeBSD__) || defined(__APPLE__) + return true; +#else + return false; +#endif +} + +/* + * --exit-with-parent: kill the current process if the parent exits. + * This may return -1 on error. + * + * Note this will abort on platforms where can_exit_with_parent() + * returned false. + */ +extern int set_exit_with_parent(void); + +#endif /* NBDKIT_EXIT_WITH_PARENT_H */ diff --git a/qemu-options.hx b/qemu-options.hx index 0223ceffeb..fca2b7bc74 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -5467,15 +5467,18 @@ DEF("qtest-log", HAS_ARG, QEMU_OPTION_qtest_log, ""= , QEMU_ARCH_ALL) =20 #if defined(CONFIG_POSIX) && !defined(EMSCRIPTEN) DEF("run-with", HAS_ARG, QEMU_OPTION_run_with, - "-run-with [async-teardown=3Don|off][,chroot=3Ddir][user=3Dusername|ui= d:gid]\n" + "-run-with [async-teardown=3Don|off][,chroot=3Ddir]\n" \ + " [,exit-with-parent=3Don|off][,user=3Dusername|uid:gid]\n" " Set miscellaneous QEMU process lifecycle options:\n" " async-teardown=3Don enables asynchronous teardown (Li= nux only)\n" + " exit-with-parent=3Don causes QEMU to exit if the pare= nt\n" + " process of QEMU exits (Linux, FreeBSD, macOS only)\= n" " chroot=3Ddir chroot to dir just before starting the V= M\n" " user=3Dusername switch to the specified user before s= tarting the VM\n" " user=3Duid:gid ditto, but use specified user-ID and g= roup-ID instead\n", QEMU_ARCH_ALL) SRST -``-run-with [async-teardown=3Don|off][,chroot=3Ddir][user=3Dusername|uid:g= id]`` +``-run-with [async-teardown=3Don|off][,chroot=3Ddir][,exit-with-parent=3Do= n|off][,user=3Dusername|uid:gid]`` Set QEMU process lifecycle options. =20 ``async-teardown=3Don`` enables asynchronous teardown. A new process c= alled @@ -5493,6 +5496,12 @@ SRST immediately before starting the guest execution. This is especially us= eful in combination with ``user=3D...``. =20 + ``exit-with-parent=3Don`` causes QEMU to exit if the parent process of + QEMU exits. This can be used when QEMU runs a captive appliance, + where the lifetime of the appliance is scoped to the parent process. + In case the parent process crashes, QEMU is still cleaned up. + This only works on Linux, FreeBSD and macOS platforms. + ``user=3Dusername`` or ``user=3Duid:gid`` can be used to drop root pri= vileges before starting guest execution. QEMU will use the ``setuid`` and ``se= tgid`` system calls to switch to the specified identity. Note that the diff --git a/system/exit-with-parent.c b/system/exit-with-parent.c new file mode 100644 index 0000000000..df65d2231a --- /dev/null +++ b/system/exit-with-parent.c @@ -0,0 +1,140 @@ +/* + * SPDX-License-Identifier: BSD-3-Clause + * Originally derived from nbdkit common/utils/exit-with-parent.c + * Copyright Red Hat + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * * Neither the name of Red Hat nor the names of its contributors may be + * used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY RED HAT AND CONTRIBUTORS ''AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, + * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF + * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * Implement the --exit-with-parent feature on operating systems which + * support it. + */ + +#include "qemu/osdep.h" +#include "qemu/exit-with-parent.h" + +#if defined(__linux__) + +#include + +/* + * Send SIGTERM to self when the parent exits. This will cause + * qemu_system_killed() to be called. + * + * PR_SET_PDEATHSIG has been defined since Linux 2.1.57. + */ +int +set_exit_with_parent(void) +{ + return prctl(PR_SET_PDEATHSIG, SIGTERM); +} + +#elif defined(__FreeBSD__) + +#include + +/* + * Send SIGTERM to self when the parent exits. This will cause + * qemu_system_killed() to be called. + * + * PROC_PDEATHSIG_CTL has been defined since FreeBSD 11.2. + */ +int +set_exit_with_parent(void) +{ + const int sig =3D SIGTERM; + return procctl(P_PID, 0, PROC_PDEATHSIG_CTL, (void *) &sig); +} + +#elif defined(__APPLE__) + +/* For macOS. */ + +#include "qemu/thread.h" +#include "qemu/error-report.h" +#include "system/runstate.h" +#include + +static void * +exit_with_parent_loop(void *vp) +{ + const pid_t ppid =3D getppid(); + int fd; + struct kevent kev, res[1]; + int r; + + /* Register the kevent to wait for ppid to exit. */ + fd =3D kqueue(); + if (fd =3D=3D -1) { + error_report("exit_with_parent_loop: kqueue: %m"); + return NULL; + } + EV_SET(&kev, ppid, EVFILT_PROC, EV_ADD | EV_ENABLE, NOTE_EXIT, 0, NULL= ); + if (kevent(fd, &kev, 1, NULL, 0, NULL) =3D=3D -1) { + error_report("exit_with_parent_loop: kevent: %m"); + close(fd); + return NULL; + } + + /* Wait for the kevent to happen. */ + r =3D kevent(fd, 0, 0, res, 1, NULL); + if (r =3D=3D 1 && res[0].ident =3D=3D ppid) { + /* Behave like Linux and FreeBSD above, as if SIGTERM was sent */ + qemu_system_killed(SIGTERM, ppid); + } + + return NULL; +} + +int +set_exit_with_parent(void) +{ + QemuThread exit_with_parent_thread; + + /* + * We have to block waiting for kevent, so that requires that we + * start a background thread. + */ + qemu_thread_create(&exit_with_parent_thread, + "exit-parent", + exit_with_parent_loop, NULL, + QEMU_THREAD_DETACHED); + return 0; +} + +#else /* any platform that doesn't support this function */ + +int +set_exit_with_parent(void) +{ + g_assert_not_reached(); +} + +#endif diff --git a/system/meson.build b/system/meson.build index 6d21ff9faa..4b69ef0f5f 100644 --- a/system/meson.build +++ b/system/meson.build @@ -15,6 +15,7 @@ system_ss.add(files( 'datadir.c', 'dirtylimit.c', 'dma-helpers.c', + 'exit-with-parent.c', 'globals.c', 'ioport.c', 'ram-block-attributes.c', diff --git a/system/vl.c b/system/vl.c index 29f5389151..5091fe52d9 100644 --- a/system/vl.c +++ b/system/vl.c @@ -53,6 +53,7 @@ #include "qemu/sockets.h" #include "qemu/accel.h" #include "qemu/async-teardown.h" +#include "qemu/exit-with-parent.h" #include "hw/usb.h" #include "hw/isa/isa.h" #include "hw/scsi/scsi.h" @@ -783,6 +784,10 @@ static QemuOptsList qemu_run_with_opts =3D { .name =3D "chroot", .type =3D QEMU_OPT_STRING, }, + { + .name =3D "exit-with-parent", + .type =3D QEMU_OPT_BOOL, + }, { .name =3D "user", .type =3D QEMU_OPT_STRING, @@ -3691,6 +3696,14 @@ void qemu_init(int argc, char **argv) if (str) { os_set_chroot(str); } + if (qemu_opt_get_bool(opts, "exit-with-parent", false)) { + if (!can_exit_with_parent()) { + error_report("exit-with-parent is not available" + " on this platform"); + exit(1); + } + set_exit_with_parent(); + } str =3D qemu_opt_get(opts, "user"); if (str) { if (!os_set_runas(str)) { --=20 2.51.1 From nobody Sun Nov 16 00:54:52 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1762177162; cv=none; d=zohomail.com; s=zohoarc; b=eiaL0jJAawcVUrVddV/4VT5UeBq8M1eVOwfpnPlkJqpDmah6Nebz11TI5zUhVnq9gjeW5xKCcjb/Q9EfmJzavnuPzzWzD6axs9V67gbp2LWVvQS/6h8xS9TOZu5Cp9OBTKR4xcEksTtlUITJLZuC1kLbH37leAii8WibuDf9BKk= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1762177162; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=xNT92Ugjgpz70btOkgeBKep056c5nqReEHCF/b1wFx4=; b=eh7rpOxFSqyFAkebPXb81RQ4hjoEovTrQL8kestb1YFoEsm4KZDzPt8DBQcAv7kKBrqJpaynobTewdYswjKZ7B+4LD2urgXIUaaZE7KQCyvxBxwU9662gBB1Mo1/D/u/rIuMyvG97bKqWiYVIjkHrpaFlnG8EgLrKrV5R8/E5+M= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1762177162119848.1138452873329; Mon, 3 Nov 2025 05:39:22 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vFulH-0005Gz-M7; Mon, 03 Nov 2025 08:38:19 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFulG-0005Fx-7Q for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:38:18 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFul5-0004Mt-FP for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:38:16 -0500 Received: from mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-279-8d4p3hUKONynDrrtXrXigA-1; Mon, 03 Nov 2025 08:37:54 -0500 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 8F01F195608F; Mon, 3 Nov 2025 13:37:53 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.202]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id C6AFA1800451; Mon, 3 Nov 2025 13:37:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1762177078; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=xNT92Ugjgpz70btOkgeBKep056c5nqReEHCF/b1wFx4=; b=CeUblGrIyUOG+1rEVpKmz85440YrDJvvBzuDpxyVg5A8qG1tFarTGDU7SdnDb8hQFVfJBm it9WfqQjI1OrE38JXQaFkTP16bRVhyUIyK+XZrwcfhu+TQSBJo2fddWKT+fmEPVgtHGFtR plztubJkiwB9cUVrJYfdx6hvh/ADyy0= X-MC-Unique: 8d4p3hUKONynDrrtXrXigA-1 X-Mimecast-MFC-AGG-ID: 8d4p3hUKONynDrrtXrXigA_1762177073 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= , Fabiano Rosas , Paolo Bonzini , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , devel@lists.libvirt.org, Laurent Vivier , "Richard W.M. Jones" Subject: [PULL 02/32] tests/qtest: Use exit-with-parent=on in qtest invocations Date: Mon, 3 Nov 2025 13:36:56 +0000 Message-ID: <20251103133727.423041-3-berrange@redhat.com> In-Reply-To: <20251103133727.423041-1-berrange@redhat.com> References: <20251103133727.423041-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_PASS=-0.001, T_SPF_TEMPERROR=0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1762177174194158500 From: Richard W.M. Jones Previously libqtest.c set PR_SET_PDEATHSIG (or the equivalent on FreeBSD) after forking the qemu subprocess. However we can get the same behaviour now by using the new -run-with exit-with-parent=3Don flag, on platforms that support it. Reviewed-by: Daniel P. Berrang=C3=A9 Signed-off-by: Richard W.M. Jones Signed-off-by: Daniel P. Berrang=C3=A9 --- tests/qtest/libqtest.c | 22 ++++------------------ 1 file changed, 4 insertions(+), 18 deletions(-) diff --git a/tests/qtest/libqtest.c b/tests/qtest/libqtest.c index 933d085869..622464e365 100644 --- a/tests/qtest/libqtest.c +++ b/tests/qtest/libqtest.c @@ -33,6 +33,7 @@ #include "qemu/accel.h" #include "qemu/ctype.h" #include "qemu/cutils.h" +#include "qemu/exit-with-parent.h" #include "qemu/sockets.h" #include "qobject/qdict.h" #include "qobject/qjson.h" @@ -433,24 +434,6 @@ static QTestState *qtest_spawn_qemu(const char *qemu_b= in, const char *args, #ifndef _WIN32 pid =3D fork(); if (pid =3D=3D 0) { -#ifdef __linux__ - /* - * Although we register a ABRT handler to kill off QEMU - * when g_assert() triggers, we want an extra safety - * net. The QEMU process might be non-functional and - * thus not have responded to SIGTERM. The test script - * might also have crashed with SEGV, in which case the - * cleanup handlers won't ever run. - * - * This PR_SET_PDEATHSIG setup will ensure any remaining - * QEMU will get terminated with SIGKILL in these cases. - */ - prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); -#endif /* __linux__ */ -#ifdef __FreeBSD__ - int sig =3D SIGKILL; - procctl(P_PID, getpid(), PROC_PDEATHSIG_CTL, &sig); -#endif /* __FreeBSD__ */ execlp("/bin/sh", "sh", "-c", command->str, NULL); exit(1); } @@ -482,12 +465,15 @@ gchar *qtest_qemu_args(const char *extra_args) "-display none " "-audio none " "%s" + "%s" " -accel qtest", =20 tracearg, socket_path, getenv("QTEST_LOG") ? DEV_STDERR : DEV_NULL, qmp_socket_path, + can_exit_with_parent() ? + "-run-with exit-with-parent=3Don " : "", extra_args ?: ""); =20 return args; --=20 2.51.1 From nobody Sun Nov 16 00:54:52 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1762177170; cv=none; d=zohomail.com; s=zohoarc; b=OrxJdn69pqQxvnmfpyvA5CS1YXG9TzKsVvw+lqEU2FxaDivE98jzMfZQR+gmeV/33p4MhYQ9ydXsKMX0gfbMbtPWclRu1QD+iCBfUkElzphwh4xLs0lPqZcPp5JT8MBbrE/yE43WLbg3baIsdEr1GvzXFvfREPYmF82Yl01bjuI= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1762177170; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=CytbbGx/qePdqn9PylzopkGkWlb8xBh0alfr/0UkUZU=; b=CPHad9lv7wUHDyC6AVnIZvFFxnnyc1D9O0nCYGxo742dhRCIRjNq7QNA6MislBDPRJo2X2M4FWkdDIo0tbtDpV2t1K57zXD4FmPxR0ZkfFxc26U9npSNIlRivx5o3E21GBn1rep3JwQO7nvEzAcZIE9xhfUYSL0pej9MZpQ/25Y= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1762177170823326.6836498823337; Mon, 3 Nov 2025 05:39:30 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vFulN-0005JM-QK; Mon, 03 Nov 2025 08:38:26 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFulL-0005IS-L5 for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:38:23 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFul7-0004NV-Li for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:38:21 -0500 Received: from mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-56-wkJwEJHDOYa-FloUFcrk1g-1; Mon, 03 Nov 2025 08:38:02 -0500 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id CBF4A195605B; Mon, 3 Nov 2025 13:38:00 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.202]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 67E2A180057B; Mon, 3 Nov 2025 13:37:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1762177086; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=CytbbGx/qePdqn9PylzopkGkWlb8xBh0alfr/0UkUZU=; b=N92kKChkt7yq3SUiv63CcjJlpaDyACj/dAik/nYZBV7wdm8RZLhMKtYzYGNZfWh2nD8ABC mNKTDHp295YjOppWSwfJLUU9bPgpki+lpTHPaHegEEZNs9RqjjdVyApHkQC8wrKW+38i95 KLLkYny2+FoI056jjoF/QUPdcVBpIuA= X-MC-Unique: wkJwEJHDOYa-FloUFcrk1g-1 X-Mimecast-MFC-AGG-ID: wkJwEJHDOYa-FloUFcrk1g_1762177080 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= , Fabiano Rosas , Paolo Bonzini , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , devel@lists.libvirt.org, Laurent Vivier Subject: [PULL 03/32] crypto/hash: Have hashing functions take void * buffer argument Date: Mon, 3 Nov 2025 13:36:57 +0000 Message-ID: <20251103133727.423041-4-berrange@redhat.com> In-Reply-To: <20251103133727.423041-1-berrange@redhat.com> References: <20251103133727.423041-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_PASS=-0.001, T_SPF_HELO_TEMPERROR=0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1762177172491158500 From: Philippe Mathieu-Daud=C3=A9 Cryptographic hash function can operate on any area of memory, regardless of the content their represent. Do not restrict to array of char, use the void* type, which is also the type of the underlying iovec::iov_base field. Reviewed-by: Daniel P. Berrang=C3=A9 Signed-off-by: Philippe Mathieu-Daud=C3=A9 Signed-off-by: Daniel P. Berrang=C3=A9 --- crypto/hash.c | 16 ++++++++-------- crypto/hmac.c | 8 ++++---- include/crypto/hash.h | 8 ++++---- include/crypto/hmac.h | 4 ++-- 4 files changed, 18 insertions(+), 18 deletions(-) diff --git a/crypto/hash.c b/crypto/hash.c index 7513769e42..6ffb88bf54 100644 --- a/crypto/hash.c +++ b/crypto/hash.c @@ -67,13 +67,13 @@ int qcrypto_hash_bytesv(QCryptoHashAlgo alg, =20 =20 int qcrypto_hash_bytes(QCryptoHashAlgo alg, - const char *buf, + const void *buf, size_t len, uint8_t **result, size_t *resultlen, Error **errp) { - struct iovec iov =3D { .iov_base =3D (char *)buf, + struct iovec iov =3D { .iov_base =3D (void *)buf, .iov_len =3D len }; return qcrypto_hash_bytesv(alg, &iov, 1, result, resultlen, errp); } @@ -89,11 +89,11 @@ int qcrypto_hash_updatev(QCryptoHash *hash, } =20 int qcrypto_hash_update(QCryptoHash *hash, - const char *buf, + const void *buf, size_t len, Error **errp) { - struct iovec iov =3D { .iov_base =3D (char *)buf, .iov_len =3D len }; + struct iovec iov =3D { .iov_base =3D (void *)buf, .iov_len =3D len }; =20 return qcrypto_hash_updatev(hash, &iov, 1, errp); } @@ -206,12 +206,12 @@ int qcrypto_hash_digestv(QCryptoHashAlgo alg, } =20 int qcrypto_hash_digest(QCryptoHashAlgo alg, - const char *buf, + const void *buf, size_t len, char **digest, Error **errp) { - struct iovec iov =3D { .iov_base =3D (char *)buf, .iov_len =3D len }; + struct iovec iov =3D { .iov_base =3D (void *)buf, .iov_len =3D len }; =20 return qcrypto_hash_digestv(alg, &iov, 1, digest, errp); } @@ -237,12 +237,12 @@ int qcrypto_hash_base64v(QCryptoHashAlgo alg, } =20 int qcrypto_hash_base64(QCryptoHashAlgo alg, - const char *buf, + const void *buf, size_t len, char **base64, Error **errp) { - struct iovec iov =3D { .iov_base =3D (char *)buf, .iov_len =3D len }; + struct iovec iov =3D { .iov_base =3D (void *)buf, .iov_len =3D len }; =20 return qcrypto_hash_base64v(alg, &iov, 1, base64, errp); } diff --git a/crypto/hmac.c b/crypto/hmac.c index 422e005182..2f0d044cf2 100644 --- a/crypto/hmac.c +++ b/crypto/hmac.c @@ -28,14 +28,14 @@ int qcrypto_hmac_bytesv(QCryptoHmac *hmac, } =20 int qcrypto_hmac_bytes(QCryptoHmac *hmac, - const char *buf, + const void *buf, size_t len, uint8_t **result, size_t *resultlen, Error **errp) { struct iovec iov =3D { - .iov_base =3D (char *)buf, + .iov_base =3D (void *)buf, .iov_len =3D len }; =20 @@ -70,13 +70,13 @@ int qcrypto_hmac_digestv(QCryptoHmac *hmac, } =20 int qcrypto_hmac_digest(QCryptoHmac *hmac, - const char *buf, + const void *buf, size_t len, char **digest, Error **errp) { struct iovec iov =3D { - .iov_base =3D (char *)buf, + .iov_base =3D (void *)buf, .iov_len =3D len }; =20 diff --git a/include/crypto/hash.h b/include/crypto/hash.h index 1868d4a0f7..43525098c5 100644 --- a/include/crypto/hash.h +++ b/include/crypto/hash.h @@ -122,7 +122,7 @@ int qcrypto_hash_bytesv(QCryptoHashAlgo alg, * Returns: 0 on success, -1 on error */ int qcrypto_hash_bytes(QCryptoHashAlgo alg, - const char *buf, + const void *buf, size_t len, uint8_t **result, size_t *resultlen, @@ -180,7 +180,7 @@ int qcrypto_hash_updatev(QCryptoHash *hash, * Returns: 0 on success, -1 on error */ int qcrypto_hash_update(QCryptoHash *hash, - const char *buf, + const void *buf, size_t len, Error **errp); =20 @@ -289,7 +289,7 @@ G_DEFINE_AUTOPTR_CLEANUP_FUNC(QCryptoHash, qcrypto_hash= _free) * Returns: 0 on success, -1 on error */ int qcrypto_hash_digest(QCryptoHashAlgo alg, - const char *buf, + const void *buf, size_t len, char **digest, Error **errp); @@ -335,7 +335,7 @@ int qcrypto_hash_base64v(QCryptoHashAlgo alg, * Returns: 0 on success, -1 on error */ int qcrypto_hash_base64(QCryptoHashAlgo alg, - const char *buf, + const void *buf, size_t len, char **base64, Error **errp); diff --git a/include/crypto/hmac.h b/include/crypto/hmac.h index af3d5f8feb..0885ae22d1 100644 --- a/include/crypto/hmac.h +++ b/include/crypto/hmac.h @@ -139,7 +139,7 @@ int qcrypto_hmac_bytesv(QCryptoHmac *hmac, * 0 on success, -1 on error */ int qcrypto_hmac_bytes(QCryptoHmac *hmac, - const char *buf, + const void *buf, size_t len, uint8_t **result, size_t *resultlen, @@ -187,7 +187,7 @@ int qcrypto_hmac_digestv(QCryptoHmac *hmac, * Returns: 0 on success, -1 on error */ int qcrypto_hmac_digest(QCryptoHmac *hmac, - const char *buf, + const void *buf, size_t len, char **digest, Error **errp); --=20 2.51.1 From nobody Sun Nov 16 00:54:52 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1762177167; cv=none; d=zohomail.com; s=zohoarc; b=XokxtqlwrFqw8e0y+XN9sRqgy23kD/DhK0ul3q5tLXXkrC/pGAUCO03UJ6JGzR4EKrUCRHU0k6CSUa2Iw5nQ2RGZChOidVrvCg8UgBPrVcnr27h6V9qhBOIpHSyYyf2DNFCybTsm7BuUCHkp4vQ4ZYX4hWHrcT5lrqXQWY1tnFE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1762177167; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=XSSIy3EiM2AVloR1JXFub00eTZguXOQQn8qfl7WQFB0=; b=lJu2ziRew1968Q6NDMcCJqGGdN+GtPV6uh500qQei7MCqjqoiOG7RyaYjfMx/08cTzaFKi8oCxZWaqiZHmYA4RYwDCO6zvfLMwPycqP5KiaPC205pHSnLXtTxx9KHI9LeMEw/aBzxKKlU2ACRbaU9Jb6FKDBf+2MSciqsT5smQ8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1762177167255173.86919924596373; Mon, 3 Nov 2025 05:39:27 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vFulM-0005J7-QR; Mon, 03 Nov 2025 08:38:24 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFulL-0005IT-LG for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:38:23 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFulE-0004O7-Nm for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:38:22 -0500 Received: from mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-18-2SOzGpWqOImXZ8oxiIxnTw-1; Mon, 03 Nov 2025 08:38:10 -0500 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 151AE1956063; Mon, 3 Nov 2025 13:38:09 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.202]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 960621800576; Mon, 3 Nov 2025 13:38:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1762177094; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=XSSIy3EiM2AVloR1JXFub00eTZguXOQQn8qfl7WQFB0=; b=M/VVFQNyO+7BwKBUjRWzz9JcoNoVNzQqyuvds845EJFGSM5t3I+7P/d1v91eazkBL4lpZI VLnmJafig85k15O1tRyi6uL8k8Xz9XR6oocekPclva5COZXCOYRg7ormgUz2p8D7MgM6Au QeicIKrgVQYq1/xPKqYqStBN7SaDNRU= X-MC-Unique: 2SOzGpWqOImXZ8oxiIxnTw-1 X-Mimecast-MFC-AGG-ID: 2SOzGpWqOImXZ8oxiIxnTw_1762177089 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= , Fabiano Rosas , Paolo Bonzini , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , devel@lists.libvirt.org, Laurent Vivier Subject: [PULL 04/32] io/channel: Have read/write functions take void * buffer argument Date: Mon, 3 Nov 2025 13:36:58 +0000 Message-ID: <20251103133727.423041-5-berrange@redhat.com> In-Reply-To: <20251103133727.423041-1-berrange@redhat.com> References: <20251103133727.423041-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_PASS=-0.001, T_SPF_HELO_TEMPERROR=0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1762177169992154100 From: Philippe Mathieu-Daud=C3=A9 I/O channel read/write functions can operate on any area of memory, regardless of the content their represent. Do not restrict to array of char, use the void* type, which is also the type of the underlying iovec::iov_base field. Reviewed-by: Daniel P. Berrang=C3=A9 Signed-off-by: Philippe Mathieu-Daud=C3=A9 [DB: also adapt test-crypto-tlssession.c func signatures] Signed-off-by: Daniel P. Berrang=C3=A9 --- include/crypto/tlssession.h | 4 ++-- include/io/channel.h | 14 +++++++------- io/channel-tls.c | 4 ++-- io/channel.c | 14 +++++++------- tests/unit/test-crypto-tlssession.c | 4 ++-- 5 files changed, 20 insertions(+), 20 deletions(-) diff --git a/include/crypto/tlssession.h b/include/crypto/tlssession.h index 2e9fe11cf6..28e419681e 100644 --- a/include/crypto/tlssession.h +++ b/include/crypto/tlssession.h @@ -199,11 +199,11 @@ int qcrypto_tls_session_check_credentials(QCryptoTLSS= ession *sess, * These must return QCRYPTO_TLS_SESSION_ERR_BLOCK if the I/O * would block, but on other errors, must fill 'errp' */ -typedef ssize_t (*QCryptoTLSSessionWriteFunc)(const char *buf, +typedef ssize_t (*QCryptoTLSSessionWriteFunc)(const void *buf, size_t len, void *opaque, Error **errp); -typedef ssize_t (*QCryptoTLSSessionReadFunc)(char *buf, +typedef ssize_t (*QCryptoTLSSessionReadFunc)(void *buf, size_t len, void *opaque, Error **errp); diff --git a/include/io/channel.h b/include/io/channel.h index 0f25ae0069..db893a3628 100644 --- a/include/io/channel.h +++ b/include/io/channel.h @@ -437,7 +437,7 @@ ssize_t qio_channel_writev(QIOChannel *ioc, * a single memory region. */ ssize_t qio_channel_read(QIOChannel *ioc, - char *buf, + void *buf, size_t buflen, Error **errp); =20 @@ -453,7 +453,7 @@ ssize_t qio_channel_read(QIOChannel *ioc, * single memory region. */ ssize_t qio_channel_write(QIOChannel *ioc, - const char *buf, + const void *buf, size_t buflen, Error **errp); =20 @@ -475,7 +475,7 @@ ssize_t qio_channel_write(QIOChannel *ioc, * without data, or -1 on error */ int coroutine_mixed_fn qio_channel_read_all_eof(QIOChannel *ioc, - char *buf, + void *buf, size_t buflen, Error **errp); =20 @@ -495,7 +495,7 @@ int coroutine_mixed_fn qio_channel_read_all_eof(QIOChan= nel *ioc, * Returns: 0 if all bytes were read, or -1 on error */ int coroutine_mixed_fn qio_channel_read_all(QIOChannel *ioc, - char *buf, + void *buf, size_t buflen, Error **errp); =20 @@ -514,7 +514,7 @@ int coroutine_mixed_fn qio_channel_read_all(QIOChannel = *ioc, * Returns: 0 if all bytes were written, or -1 on error */ int coroutine_mixed_fn qio_channel_write_all(QIOChannel *ioc, - const char *buf, + const void *buf, size_t buflen, Error **errp); =20 @@ -595,7 +595,7 @@ ssize_t qio_channel_pwritev(QIOChannel *ioc, const stru= ct iovec *iov, * flag QIO_CHANNEL_FEATURE_SEEKABLE prior to calling this method. * */ -ssize_t qio_channel_pwrite(QIOChannel *ioc, char *buf, size_t buflen, +ssize_t qio_channel_pwrite(QIOChannel *ioc, void *buf, size_t buflen, off_t offset, Error **errp); =20 /** @@ -631,7 +631,7 @@ ssize_t qio_channel_preadv(QIOChannel *ioc, const struc= t iovec *iov, * flag QIO_CHANNEL_FEATURE_SEEKABLE prior to calling this method. * */ -ssize_t qio_channel_pread(QIOChannel *ioc, char *buf, size_t buflen, +ssize_t qio_channel_pread(QIOChannel *ioc, void *buf, size_t buflen, off_t offset, Error **errp); =20 /** diff --git a/io/channel-tls.c b/io/channel-tls.c index ce041795c1..b0cec27cb9 100644 --- a/io/channel-tls.c +++ b/io/channel-tls.c @@ -26,7 +26,7 @@ #include "qemu/atomic.h" =20 =20 -static ssize_t qio_channel_tls_write_handler(const char *buf, +static ssize_t qio_channel_tls_write_handler(const void *buf, size_t len, void *opaque, Error **errp) @@ -43,7 +43,7 @@ static ssize_t qio_channel_tls_write_handler(const char *= buf, return ret; } =20 -static ssize_t qio_channel_tls_read_handler(char *buf, +static ssize_t qio_channel_tls_read_handler(void *buf, size_t len, void *opaque, Error **errp) diff --git a/io/channel.c b/io/channel.c index 852e684938..8e8bd2efa8 100644 --- a/io/channel.c +++ b/io/channel.c @@ -310,7 +310,7 @@ ssize_t qio_channel_writev(QIOChannel *ioc, =20 =20 ssize_t qio_channel_read(QIOChannel *ioc, - char *buf, + void *buf, size_t buflen, Error **errp) { @@ -320,7 +320,7 @@ ssize_t qio_channel_read(QIOChannel *ioc, =20 =20 ssize_t qio_channel_write(QIOChannel *ioc, - const char *buf, + const void *buf, size_t buflen, Error **errp) { @@ -330,7 +330,7 @@ ssize_t qio_channel_write(QIOChannel *ioc, =20 =20 int coroutine_mixed_fn qio_channel_read_all_eof(QIOChannel *ioc, - char *buf, + void *buf, size_t buflen, Error **errp) { @@ -340,7 +340,7 @@ int coroutine_mixed_fn qio_channel_read_all_eof(QIOChan= nel *ioc, =20 =20 int coroutine_mixed_fn qio_channel_read_all(QIOChannel *ioc, - char *buf, + void *buf, size_t buflen, Error **errp) { @@ -350,7 +350,7 @@ int coroutine_mixed_fn qio_channel_read_all(QIOChannel = *ioc, =20 =20 int coroutine_mixed_fn qio_channel_write_all(QIOChannel *ioc, - const char *buf, + const void *buf, size_t buflen, Error **errp) { @@ -475,7 +475,7 @@ ssize_t qio_channel_pwritev(QIOChannel *ioc, const stru= ct iovec *iov, return klass->io_pwritev(ioc, iov, niov, offset, errp); } =20 -ssize_t qio_channel_pwrite(QIOChannel *ioc, char *buf, size_t buflen, +ssize_t qio_channel_pwrite(QIOChannel *ioc, void *buf, size_t buflen, off_t offset, Error **errp) { struct iovec iov =3D { @@ -504,7 +504,7 @@ ssize_t qio_channel_preadv(QIOChannel *ioc, const struc= t iovec *iov, return klass->io_preadv(ioc, iov, niov, offset, errp); } =20 -ssize_t qio_channel_pread(QIOChannel *ioc, char *buf, size_t buflen, +ssize_t qio_channel_pread(QIOChannel *ioc, void *buf, size_t buflen, off_t offset, Error **errp) { struct iovec iov =3D { diff --git a/tests/unit/test-crypto-tlssession.c b/tests/unit/test-crypto-t= lssession.c index d0baf3b304..0d06a6892e 100644 --- a/tests/unit/test-crypto-tlssession.c +++ b/tests/unit/test-crypto-tlssession.c @@ -36,7 +36,7 @@ #define KEYFILE WORKDIR "key-ctx.pem" =20 static ssize_t -testWrite(const char *buf, size_t len, void *opaque, Error **errp) +testWrite(const void *buf, size_t len, void *opaque, Error **errp) { int *fd =3D opaque; int ret; @@ -54,7 +54,7 @@ testWrite(const char *buf, size_t len, void *opaque, Erro= r **errp) } =20 static ssize_t -testRead(char *buf, size_t len, void *opaque, Error **errp) +testRead(void *buf, size_t len, void *opaque, Error **errp) { int *fd =3D opaque; int ret; --=20 2.51.1 From nobody Sun Nov 16 00:54:52 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1762177167; cv=none; d=zohomail.com; s=zohoarc; b=Isu+QdyAhD/dK26b/k9jHwuPKdkzxDwKs1xi+KhZZWl1DS/H+3qdcTT2a3GpdjQQnw3KWqjKrhJb32v7QFTge0nWDI1XDLzXa5ppH5UqUb5gEBAAT9IsJqvzjU88Cu95JzoQWhb5SMs5ivNvfYc5HJrFxw+xLXt71jiG8LWvbRQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1762177167; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=/DCgQHRQ4LgqiDT0bOp7WC3tHOQInQec8YIMF3ANCBE=; b=BNHG95NNpUOG7I+TPG7vDwGb35l5+mPbvJRvBdxLdysP5bgKeddQ2WZl0SRoli+2rD2iE1AMUZDWO1NUfoYGM3cUpVLsGbCckuoCNKQxbrujpFQEAZKvkhY2olkqz6mNTqRxWqXvgTqcH9jVBnZCEikm63CAnXhnu9607wG1vyM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1762177167815742.3613324430981; Mon, 3 Nov 2025 05:39:27 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vFulh-0005P7-2j; Mon, 03 Nov 2025 08:38:45 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFulU-0005Lo-VN for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:38:33 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFulM-0004Ou-Dz for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:38:27 -0500 Received: from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-70-mjR5QrdhNmyO8Km646FqJQ-1; Mon, 03 Nov 2025 08:38:16 -0500 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 39D4118001DA; Mon, 3 Nov 2025 13:38:15 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.202]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 803541800576; Mon, 3 Nov 2025 13:38:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1762177099; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=/DCgQHRQ4LgqiDT0bOp7WC3tHOQInQec8YIMF3ANCBE=; b=EhJgah4ROBL81pKvhj4qg2Rh7NckWackEaLKlBps2/+lV3J6/1Z6UcKH0Xvamw7gcjSSdL rGE31buGvmyXudcRX9xBhhZfALK2d0LjKhX/EA4D8Vyg/OAcF5IuFuJDKgnbA/p/KLtiNV QipOthkF0wn9a4WIJqpXG1ibdWt957Q= X-MC-Unique: mjR5QrdhNmyO8Km646FqJQ-1 X-Mimecast-MFC-AGG-ID: mjR5QrdhNmyO8Km646FqJQ_1762177095 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= , Fabiano Rosas , Paolo Bonzini , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , devel@lists.libvirt.org, Laurent Vivier , Tejus GK Subject: [PULL 05/32] io: add a "blocking" field to QIOChannelSocket Date: Mon, 3 Nov 2025 13:36:59 +0000 Message-ID: <20251103133727.423041-6-berrange@redhat.com> In-Reply-To: <20251103133727.423041-1-berrange@redhat.com> References: <20251103133727.423041-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1762177178264158500 From: Tejus GK Add a 'blocking' boolean field to QIOChannelSocket to track whether the underlying socket is in blocking or non-blocking mode. Signed-off-by: Tejus GK Reviewed-by: Daniel P. Berrang=C3=A9 Signed-off-by: Daniel P. Berrang=C3=A9 --- include/io/channel-socket.h | 1 + io/channel-socket.c | 2 ++ 2 files changed, 3 insertions(+) diff --git a/include/io/channel-socket.h b/include/io/channel-socket.h index a88cf8b3a9..26319fa98b 100644 --- a/include/io/channel-socket.h +++ b/include/io/channel-socket.h @@ -49,6 +49,7 @@ struct QIOChannelSocket { socklen_t remoteAddrLen; ssize_t zero_copy_queued; ssize_t zero_copy_sent; + bool blocking; }; =20 =20 diff --git a/io/channel-socket.c b/io/channel-socket.c index 712b793eaf..8b30d5b7f7 100644 --- a/io/channel-socket.c +++ b/io/channel-socket.c @@ -65,6 +65,7 @@ qio_channel_socket_new(void) sioc->fd =3D -1; sioc->zero_copy_queued =3D 0; sioc->zero_copy_sent =3D 0; + sioc->blocking =3D false; =20 ioc =3D QIO_CHANNEL(sioc); qio_channel_set_feature(ioc, QIO_CHANNEL_FEATURE_SHUTDOWN); @@ -859,6 +860,7 @@ qio_channel_socket_set_blocking(QIOChannel *ioc, Error **errp) { QIOChannelSocket *sioc =3D QIO_CHANNEL_SOCKET(ioc); + sioc->blocking =3D enabled; =20 if (!qemu_set_blocking(sioc->fd, enabled, errp)) { return -1; --=20 2.51.1 From nobody Sun Nov 16 00:54:52 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1762177446; cv=none; d=zohomail.com; s=zohoarc; b=YTzqraG57ifsoJsY9wWeK5a158JI89Y9yc1mFKSJ10B+joBazSJHIQAXGT+3y/+G1oEARfDWC23BZvHBk2xT3lt462xdMabKeUoTu3WhAF2GUjv3K0fUCQ0WreP4ol/8JvsqVVcaYLENKOx6JEzjK3M/jYuo+Lp4XiEjcNV3GWw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1762177446; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=PHH/8x8Op/Y+Frw2h9ZHPRZ5Ou7GryVz7HpBcSZAcpA=; b=JuJLoMwnDSjkhKsQO5BPDVJz+Dik1n8nqhbK79dQCpuZC5j8ykWQR91AnUeYfzf/HKmI5IiVp8kNasDYNBolZlRg0E0hcqhpy8pobyDjy9XmXO/hN5VFLQfcsQTDffqdrMt3ShTRp5PBMdpDYUq4iU9vOBALCOmZ9cIDqeSOoIs= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1762177446915798.0198077952276; Mon, 3 Nov 2025 05:44:06 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vFulo-0005QY-4u; Mon, 03 Nov 2025 08:38:52 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFulb-0005No-TE for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:38:45 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFulV-0004PS-Cs for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:38:39 -0500 Received: from mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-618-gmACHiRKP4OEWKUJAJQ-hg-1; Mon, 03 Nov 2025 08:38:28 -0500 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id AB0471954B08; Mon, 3 Nov 2025 13:38:26 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.202]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id AA97B1800578; Mon, 3 Nov 2025 13:38:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1762177111; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=PHH/8x8Op/Y+Frw2h9ZHPRZ5Ou7GryVz7HpBcSZAcpA=; b=Ga0J7/5NtfPpcvAwsnW+6WtvDYaQNUkQ+vJu7JJ1dizj+btLbQDAn5Qkg4kpn43EpIEFIZ 2EAtl58nGmpEFiR8iwVumb268g02a87NhxdGQ861dfWYFxOVutKmf3L+nZfrt2vaw/cIbn I1y9eS1uUwwQa+gKacaXIhKb0VUi1Ts= X-MC-Unique: gmACHiRKP4OEWKUJAJQ-hg-1 X-Mimecast-MFC-AGG-ID: gmACHiRKP4OEWKUJAJQ-hg_1762177106 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= , Fabiano Rosas , Paolo Bonzini , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , devel@lists.libvirt.org, Laurent Vivier , Manish Mishra , Tejus GK Subject: [PULL 06/32] io: flush zerocopy socket error queue on sendmsg failure due to ENOBUF Date: Mon, 3 Nov 2025 13:37:00 +0000 Message-ID: <20251103133727.423041-7-berrange@redhat.com> In-Reply-To: <20251103133727.423041-1-berrange@redhat.com> References: <20251103133727.423041-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1762177448289154100 From: Manish Mishra The kernel allocates extra metadata SKBs in case of a zerocopy send, eventually used for zerocopy's notification mechanism. This metadata memory is accounted for in the OPTMEM limit. The kernel queues completion notifications on the socket error queue and this error queue is freed when userspace reads it. Usually, in the case of in-order processing, the kernel will batch the notifications and merge the metadata into a single SKB and free the rest. As a result, it never exceeds the OPTMEM limit. However, if there is any out-of-order processing or intermittent zerocopy failures, this error chain can grow significantly, exhausting the OPTMEM limit. As a result, all new sendmsg requests fail to allocate any new SKB, leading to an ENOBUF error. Depending on the amount of data queued before the flush (i.e., large live migration iterations), even large OPTMEM limits are prone to failure. To work around this, if we encounter an ENOBUF error with a zerocopy sendmsg, flush the error queue and retry once more. Co-authored-by: Manish Mishra Signed-off-by: Tejus GK Reviewed-by: Daniel P. Berrang=C3=A9 [DB: change TRUE/FALSE to true/false for 'bool' type; add more #ifdef QEMU_MSG_ZEROCOPY blocks] Signed-off-by: Daniel P. Berrang=C3=A9 --- include/io/channel-socket.h | 5 +++ io/channel-socket.c | 84 ++++++++++++++++++++++++++++++------- 2 files changed, 75 insertions(+), 14 deletions(-) diff --git a/include/io/channel-socket.h b/include/io/channel-socket.h index 26319fa98b..fcfd489c6c 100644 --- a/include/io/channel-socket.h +++ b/include/io/channel-socket.h @@ -50,6 +50,11 @@ struct QIOChannelSocket { ssize_t zero_copy_queued; ssize_t zero_copy_sent; bool blocking; + /** + * This flag indicates whether any new data was successfully sent with + * zerocopy since the last qio_channel_socket_flush() call. + */ + bool new_zero_copy_sent_success; }; =20 =20 diff --git a/io/channel-socket.c b/io/channel-socket.c index 8b30d5b7f7..3053b35ad8 100644 --- a/io/channel-socket.c +++ b/io/channel-socket.c @@ -37,6 +37,12 @@ =20 #define SOCKET_MAX_FDS 16 =20 +#ifdef QEMU_MSG_ZEROCOPY +static int qio_channel_socket_flush_internal(QIOChannel *ioc, + bool block, + Error **errp); +#endif + SocketAddress * qio_channel_socket_get_local_address(QIOChannelSocket *ioc, Error **errp) @@ -66,6 +72,7 @@ qio_channel_socket_new(void) sioc->zero_copy_queued =3D 0; sioc->zero_copy_sent =3D 0; sioc->blocking =3D false; + sioc->new_zero_copy_sent_success =3D false; =20 ioc =3D QIO_CHANNEL(sioc); qio_channel_set_feature(ioc, QIO_CHANNEL_FEATURE_SHUTDOWN); @@ -618,6 +625,10 @@ static ssize_t qio_channel_socket_writev(QIOChannel *i= oc, size_t fdsize =3D sizeof(int) * nfds; struct cmsghdr *cmsg; int sflags =3D 0; +#ifdef QEMU_MSG_ZEROCOPY + bool blocking =3D sioc->blocking; + bool zerocopy_flushed_once =3D false; +#endif =20 memset(control, 0, CMSG_SPACE(sizeof(int) * SOCKET_MAX_FDS)); =20 @@ -662,13 +673,30 @@ static ssize_t qio_channel_socket_writev(QIOChannel *= ioc, return QIO_CHANNEL_ERR_BLOCK; case EINTR: goto retry; +#ifdef QEMU_MSG_ZEROCOPY case ENOBUFS: if (flags & QIO_CHANNEL_WRITE_FLAG_ZERO_COPY) { - error_setg_errno(errp, errno, - "Process can't lock enough memory for usi= ng MSG_ZEROCOPY"); - return -1; + /** + * Socket error queueing may exhaust the OPTMEM limit. Try + * flushing the error queue once. + */ + if (!zerocopy_flushed_once) { + ret =3D qio_channel_socket_flush_internal(ioc, blockin= g, + errp); + if (ret < 0) { + return -1; + } + zerocopy_flushed_once =3D true; + goto retry; + } else { + error_setg_errno(errp, errno, + "Process can't lock enough memory for= " + "using MSG_ZEROCOPY"); + return -1; + } } break; +#endif } =20 error_setg_errno(errp, errno, @@ -777,8 +805,9 @@ static ssize_t qio_channel_socket_writev(QIOChannel *io= c, =20 =20 #ifdef QEMU_MSG_ZEROCOPY -static int qio_channel_socket_flush(QIOChannel *ioc, - Error **errp) +static int qio_channel_socket_flush_internal(QIOChannel *ioc, + bool block, + Error **errp) { QIOChannelSocket *sioc =3D QIO_CHANNEL_SOCKET(ioc); struct msghdr msg =3D {}; @@ -786,7 +815,6 @@ static int qio_channel_socket_flush(QIOChannel *ioc, struct cmsghdr *cm; char control[CMSG_SPACE(sizeof(*serr))]; int received; - int ret; =20 if (sioc->zero_copy_queued =3D=3D sioc->zero_copy_sent) { return 0; @@ -796,16 +824,25 @@ static int qio_channel_socket_flush(QIOChannel *ioc, msg.msg_controllen =3D sizeof(control); memset(control, 0, sizeof(control)); =20 - ret =3D 1; - while (sioc->zero_copy_sent < sioc->zero_copy_queued) { received =3D recvmsg(sioc->fd, &msg, MSG_ERRQUEUE); if (received < 0) { switch (errno) { case EAGAIN: - /* Nothing on errqueue, wait until something is available = */ - qio_channel_wait(ioc, G_IO_ERR); - continue; + if (block) { + /* + * Nothing on errqueue, wait until something is + * available. + * + * Use G_IO_ERR instead of G_IO_IN since MSG_ERRQUEUE = reads + * are signaled via POLLERR, not POLLIN, as the kernel + * sets POLLERR when zero-copy notificatons appear on = the + * socket error queue. + */ + qio_channel_wait(ioc, G_IO_ERR); + continue; + } + return 0; case EINTR: continue; default: @@ -843,13 +880,32 @@ static int qio_channel_socket_flush(QIOChannel *ioc, /* No errors, count successfully finished sendmsg()*/ sioc->zero_copy_sent +=3D serr->ee_data - serr->ee_info + 1; =20 - /* If any sendmsg() succeeded using zero copy, return 0 at the end= */ + /* If any sendmsg() succeeded using zero copy, mark zerocopy succe= ss */ if (serr->ee_code !=3D SO_EE_CODE_ZEROCOPY_COPIED) { - ret =3D 0; + sioc->new_zero_copy_sent_success =3D true; } } =20 - return ret; + return 0; +} + +static int qio_channel_socket_flush(QIOChannel *ioc, + Error **errp) +{ + QIOChannelSocket *sioc =3D QIO_CHANNEL_SOCKET(ioc); + int ret; + + ret =3D qio_channel_socket_flush_internal(ioc, true, errp); + if (ret < 0) { + return ret; + } + + if (sioc->new_zero_copy_sent_success) { + sioc->new_zero_copy_sent_success =3D false; + return 0; + } + + return 1; } =20 #endif /* QEMU_MSG_ZEROCOPY */ --=20 2.51.1 From nobody Sun Nov 16 00:54:52 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1762177243; cv=none; d=zohomail.com; s=zohoarc; b=FNLlf0TZvbkNH0A3owRndMr2vm5FbeIUKlWjL4Uyu+vr88LbycgOWsZR8H78yzxCRax2RFhR5VTUPkTZ5JuEz9o7V8rrhpKBdPcQoLBe4Qp5hq8AcXlzspjr0/zwWI+4i2UDasDhRvcVnYldwPrpXZRepU87vwru60cWRN6Xdeo= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1762177243; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=Hny0i0ASJJZMArEYCPvw372YSwoZx86dwGtyhGjo8rY=; b=YURd5SYtuFa1ya/IZPNc3AP0tDy46voo2imLbFn7ST4jrK+lHROy5Yby1P4XXuy4Xo2YP0CUGsdhLo2QhNJEi7Phyq6xCgFv5pNW51fNy7nrRWjkhhPjpyyBxKktPipoM/+aRpLzhKPW/R3moGJim5GxINCTpTbrKRjmBnN4InE= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1762177243189890.3566362152023; Mon, 3 Nov 2025 05:40:43 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vFulq-0005Y8-QN; Mon, 03 Nov 2025 08:38:54 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFull-0005Qg-KF for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:38:50 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFuld-0004Pa-MY for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:38:48 -0500 Received: from mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-195-_4tfMLhNP8OAHN-ixKzPTw-1; Mon, 03 Nov 2025 08:38:35 -0500 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 6A778195608F; Mon, 3 Nov 2025 13:38:33 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.202]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 12EF61800579; Mon, 3 Nov 2025 13:38:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1762177118; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Hny0i0ASJJZMArEYCPvw372YSwoZx86dwGtyhGjo8rY=; b=JypNCZ8b2yLqF7oBdSGVD+5WJwutXplQKboTaFfRC5Lyszsu6YA0XuyFmOI6keTZIEV8sh l5Emx2JS9OVFcFPRyJxkVre7iCCOd0wEv38UAm9B3aGqzAQcjjvvb7NtyG/45XgFjv3WXx NAFC+gJJysn6QanBpsibqMp4rfR4Pfo= X-MC-Unique: _4tfMLhNP8OAHN-ixKzPTw-1 X-Mimecast-MFC-AGG-ID: _4tfMLhNP8OAHN-ixKzPTw_1762177114 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= , Fabiano Rosas , Paolo Bonzini , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , devel@lists.libvirt.org, Laurent Vivier Subject: [PULL 07/32] crypto: bump min gnutls to 3.7.5 Date: Mon, 3 Nov 2025 13:37:01 +0000 Message-ID: <20251103133727.423041-8-berrange@redhat.com> In-Reply-To: <20251103133727.423041-1-berrange@redhat.com> References: <20251103133727.423041-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1762177244572154100 Per repology, current shipping versions are: RHEL-9: 3.8.3 Debian 13: 3.8.9 openSUSE Leap 15: 3.8.3 Ubuntu LTS 22.04: 3.7.5 FreeBSD: 3.8.10 Fedora 42: 3.8.10 OpenBSD: 3.8.10 macOS HomeBrew: 3.8.10 Ubuntu 22.04 is our oldest constraint at this time. Reviewed-by: Marc-Andr=C3=A9 Lureau Signed-off-by: Daniel P. Berrang=C3=A9 --- crypto/cipher.c | 2 +- crypto/meson.build | 2 +- meson.build | 37 ++++------------------------------ tests/unit/test-crypto-block.c | 3 +-- 4 files changed, 7 insertions(+), 37 deletions(-) diff --git a/crypto/cipher.c b/crypto/cipher.c index 229710f76b..515165e0dc 100644 --- a/crypto/cipher.c +++ b/crypto/cipher.c @@ -142,7 +142,7 @@ qcrypto_cipher_validate_key_length(QCryptoCipherAlgo al= g, #include "cipher-gcrypt.c.inc" #elif defined CONFIG_NETTLE #include "cipher-nettle.c.inc" -#elif defined CONFIG_GNUTLS_CRYPTO +#elif defined CONFIG_GNUTLS #include "cipher-gnutls.c.inc" #else #include "cipher-stub.c.inc" diff --git a/crypto/meson.build b/crypto/meson.build index 735635de1f..dd61ed9174 100644 --- a/crypto/meson.build +++ b/crypto/meson.build @@ -38,7 +38,7 @@ if nettle.found() endif elif gcrypt.found() crypto_ss.add(gcrypt, files('hash-gcrypt.c', 'hmac-gcrypt.c', 'pbkdf-gcr= ypt.c')) -elif gnutls_crypto.found() +elif gnutls.found() crypto_ss.add(gnutls, files('hash-gnutls.c', 'hmac-gnutls.c', 'pbkdf-gnu= tls.c')) else crypto_ss.add(files('hash-glib.c', 'hmac-glib.c', 'pbkdf-stub.c')) diff --git a/meson.build b/meson.build index df876c72f0..b67e14f630 100644 --- a/meson.build +++ b/meson.build @@ -1823,33 +1823,11 @@ if not get_option('libcbor').auto() or have_system endif =20 gnutls =3D not_found -gnutls_crypto =3D not_found gnutls_bug1717_workaround =3D false if get_option('gnutls').enabled() or (get_option('gnutls').auto() and have= _system) - # For general TLS support our min gnutls matches - # that implied by our platform support matrix - # - # For the crypto backends, we look for a newer - # gnutls: - # - # Version 3.6.8 is needed to get XTS - # Version 3.6.13 is needed to get PBKDF - # Version 3.6.14 is needed to get HW accelerated XTS - # - # If newer enough gnutls isn't available, we can - # still use a different crypto backend to satisfy - # the platform support requirements - gnutls_crypto =3D dependency('gnutls', version: '>=3D3.6.14', - method: 'pkg-config', - required: false) - if gnutls_crypto.found() - gnutls =3D gnutls_crypto - else - # Our min version if all we need is TLS - gnutls =3D dependency('gnutls', version: '>=3D3.5.18', - method: 'pkg-config', - required: get_option('gnutls')) - endif + gnutls =3D dependency('gnutls', version: '>=3D3.7.5', + method: 'pkg-config', + required: get_option('gnutls')) =20 #if gnutls.found() and not get_option('gnutls-bug1717-workaround').disab= led() # XXX: when bug 1717 is resolved, add logic to probe for @@ -1874,12 +1852,7 @@ if get_option('nettle').enabled() and get_option('gc= rypt').enabled() error('Only one of gcrypt & nettle can be enabled') endif =20 -# Explicit nettle/gcrypt request, so ignore gnutls for crypto -if get_option('nettle').enabled() or get_option('gcrypt').enabled() - gnutls_crypto =3D not_found -endif - -if not gnutls_crypto.found() +if not gnutls.found() if (not get_option('gcrypt').auto() or have_system) and not get_option('= nettle').enabled() gcrypt =3D dependency('libgcrypt', version: '>=3D1.8', required: get_option('gcrypt')) @@ -2606,7 +2579,6 @@ config_host_data.set('CONFIG_XKBCOMMON', xkbcommon.fo= und()) config_host_data.set('CONFIG_KEYUTILS', keyutils.found()) config_host_data.set('CONFIG_GETTID', has_gettid) config_host_data.set('CONFIG_GNUTLS', gnutls.found()) -config_host_data.set('CONFIG_GNUTLS_CRYPTO', gnutls_crypto.found()) config_host_data.set('CONFIG_GNUTLS_BUG1717_WORKAROUND', gnutls_bug1717_wo= rkaround) config_host_data.set('CONFIG_TASN1', tasn1.found()) config_host_data.set('CONFIG_GCRYPT', gcrypt.found()) @@ -4906,7 +4878,6 @@ summary_info =3D {} summary_info +=3D {'TLS priority': get_option('tls_priority')} summary_info +=3D {'GNUTLS support': gnutls} if gnutls.found() - summary_info +=3D {' GNUTLS crypto': gnutls_crypto.found()} summary_info +=3D {' GNUTLS bug 1717 workaround': gnutls_bug1717_workar= ound } endif summary_info +=3D {'libgcrypt': gcrypt} diff --git a/tests/unit/test-crypto-block.c b/tests/unit/test-crypto-block.c index 3ac7f17b2a..218e585f98 100644 --- a/tests/unit/test-crypto-block.c +++ b/tests/unit/test-crypto-block.c @@ -31,8 +31,7 @@ #endif =20 #if (defined(_WIN32) || defined RUSAGE_THREAD) && \ - (defined(CONFIG_NETTLE) || defined(CONFIG_GCRYPT) || \ - defined(CONFIG_GNUTLS_CRYPTO)) + (defined(CONFIG_NETTLE) || defined(CONFIG_GCRYPT)) #define TEST_LUKS #else #undef TEST_LUKS --=20 2.51.1 From nobody Sun Nov 16 00:54:52 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1762177239; cv=none; d=zohomail.com; s=zohoarc; b=DANcVWLuNoStpcm/Fx8Tf3J4gyKhaI7nRXP5C5wEqJ0nwR2n2bDuLm5VDr70nkr6F2T6hOj5RILe4vM0ZQ6MMjsMBEE6jvq+Zpv3PJe6vwLoDDlvtzZqOdaWaw9sZPpQa4C27xH+8HDR4pLgopK/LHVPq+e8CRuD2EKMdnRoR4s= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1762177239; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=vB+z9X0RWqLhVPo+xQhEqFJ0ho+41w3tgdoPwu6fEfc=; b=SUwdQqgwSrqX4XjYOx1Z/BDtqOAikj+VyrmhyrMiO+SIKMsjkW0KpHM9hOtyIeFA65fzV256aXkW3HGYR4Tz8Rsk1FMrer7DVd5AX1qOjENkvhZGLrRZwhvNA5Z0HRmbAyZupxdLGYbY75SGYrNvKlrac0w7igmw2wiRJL72Sns= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1762177239817600.2372851114009; Mon, 3 Nov 2025 05:40:39 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vFulu-0005dF-Av; Mon, 03 Nov 2025 08:38:58 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFuls-0005bQ-Mo for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:38:56 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFull-0004Pv-Gt for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:38:55 -0500 Received: from mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-508-0u1huQr5OuuuyhG0MXkaYg-1; Mon, 03 Nov 2025 08:38:43 -0500 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 30E2C1956096; Mon, 3 Nov 2025 13:38:42 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.202]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 72FBB1800451; Mon, 3 Nov 2025 13:38:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1762177126; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=vB+z9X0RWqLhVPo+xQhEqFJ0ho+41w3tgdoPwu6fEfc=; b=brY8oROUe70S91fKXO8HmYg6QceTiDRg6PLgR645jHOVWZEq4H+BtRkLDQ2vCuUGPqF5dt +bMQjsT6jBk9+2iwxd0nRsESDhAiUE8DihWulOtCApd/XvbPxs844pxmXQC/55Maadli7n QU8tqkcwjJs7OKfb+xrNEtDOtphY/cw= X-MC-Unique: 0u1huQr5OuuuyhG0MXkaYg-1 X-Mimecast-MFC-AGG-ID: 0u1huQr5OuuuyhG0MXkaYg_1762177122 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= , Fabiano Rosas , Paolo Bonzini , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , devel@lists.libvirt.org, Laurent Vivier Subject: [PULL 08/32] crypto: unconditionally enable gnutls XTS support Date: Mon, 3 Nov 2025 13:37:02 +0000 Message-ID: <20251103133727.423041-9-berrange@redhat.com> In-Reply-To: <20251103133727.423041-1-berrange@redhat.com> References: <20251103133727.423041-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1762177248727158500 The XTS support required 3.6.8 which is older than our min required version now. Reviewed-by: Marc-Andr=C3=A9 Lureau Signed-off-by: Daniel P. Berrang=C3=A9 --- crypto/cipher-gnutls.c.inc | 8 -------- 1 file changed, 8 deletions(-) diff --git a/crypto/cipher-gnutls.c.inc b/crypto/cipher-gnutls.c.inc index b9450d48b0..a8263fff6d 100644 --- a/crypto/cipher-gnutls.c.inc +++ b/crypto/cipher-gnutls.c.inc @@ -23,10 +23,6 @@ =20 #include =20 -#if GNUTLS_VERSION_NUMBER >=3D 0x030608 -#define QEMU_GNUTLS_XTS -#endif - bool qcrypto_cipher_supports(QCryptoCipherAlgo alg, QCryptoCipherMode mode) { @@ -44,7 +40,6 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgo alg, default: return false; } -#ifdef QEMU_GNUTLS_XTS case QCRYPTO_CIPHER_MODE_XTS: switch (alg) { case QCRYPTO_CIPHER_ALGO_AES_128: @@ -53,7 +48,6 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgo alg, default: return false; } -#endif default: return false; } @@ -241,7 +235,6 @@ static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCip= herAlgo alg, int err; =20 switch (mode) { -#ifdef QEMU_GNUTLS_XTS case QCRYPTO_CIPHER_MODE_XTS: switch (alg) { case QCRYPTO_CIPHER_ALGO_AES_128: @@ -254,7 +247,6 @@ static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCip= herAlgo alg, break; } break; -#endif =20 case QCRYPTO_CIPHER_MODE_ECB: case QCRYPTO_CIPHER_MODE_CBC: --=20 2.51.1 From nobody Sun Nov 16 00:54:52 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1762177218; cv=none; d=zohomail.com; s=zohoarc; b=WRSjnTqOq9+R8T1Y4HB3447GQs+dwqUTjbXgvPOw0jObHukjJf57cL2VlSbFgRKg0iQy9cdPbZMPXOe2LmfiNjEh8nZWXjv0assQWLK7DIMK27z69+9XNqmHgbYx4qngiPKOXIQ7qvfPeS6F10tUYjSrJ2t+ZEnGVTZwd04eWoM= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1762177218; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=rhniv0q17E9S24xaQWsNgYNGFr1qYwCkCI1iwOyc7+s=; b=h7j3DKpxR6H1Oe3pOgXke9GIu269kinBQSL+CrtoePEBQnHhpaZ7iBlr+cSLTckY8y0u67IB5CfNbwr38bAvN2l7h1LSvLzMNcaP738RAV0kzohZ65nWjhJov+HD7qnp6jN9p57YXlQ2SyfYeQp5xoV+yfjepk/NgeuKIQ0FXIc= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 176217721819743.220133329057944; Mon, 3 Nov 2025 05:40:18 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vFum9-0005h0-Ap; Mon, 03 Nov 2025 08:39:14 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFum2-0005gL-Sj for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:39:07 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFult-0004QK-QY for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:39:06 -0500 Received: from mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-159-uWgiS8D4OsiPi8FiNmDPHA-1; Mon, 03 Nov 2025 08:38:49 -0500 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 4F04E195608D; Mon, 3 Nov 2025 13:38:48 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.202]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 1909A1800576; Mon, 3 Nov 2025 13:38:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1762177132; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=rhniv0q17E9S24xaQWsNgYNGFr1qYwCkCI1iwOyc7+s=; b=FvvB5jETlDRjYXoyoMBXVKBnAqSa5+9HQ+PosG6Rc1iopZfjNAaEXtVcBSRzterWOwqvrB yJOQJc9kVIyqqdWWQid3IfTovlTcgptJumzXJvGdVnsf6M1fcAwMrb2ofSKJuCyuBiHQt6 L/0GGF/4AiVc+skPPgvPRd8iOQIDpws= X-MC-Unique: uWgiS8D4OsiPi8FiNmDPHA-1 X-Mimecast-MFC-AGG-ID: uWgiS8D4OsiPi8FiNmDPHA_1762177128 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= , Fabiano Rosas , Paolo Bonzini , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , devel@lists.libvirt.org, Laurent Vivier Subject: [PULL 09/32] crypto: bump min libgcrypt to 1.9.4 Date: Mon, 3 Nov 2025 13:37:03 +0000 Message-ID: <20251103133727.423041-10-berrange@redhat.com> In-Reply-To: <20251103133727.423041-1-berrange@redhat.com> References: <20251103133727.423041-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1762177220351154100 Per repology, current shipping versions are: RHEL-9: 1.10.0 Debian 13: 1.11.0 openSUSE Leap 15: 1.10.3 Ubuntu LTS 22.04: 1.9.4 FreeBSD: 1.11.2 Fedora 42: 1.11.1 OpenBSD: 1.11.2 macOS HomeBrew: 1.11.2 Ubuntu 22.04 is our oldest constraint at this time. Reviewed-by: Marc-Andr=C3=A9 Lureau Signed-off-by: Daniel P. Berrang=C3=A9 --- meson.build | 22 +--------------------- 1 file changed, 1 insertion(+), 21 deletions(-) diff --git a/meson.build b/meson.build index b67e14f630..ab1ff373e6 100644 --- a/meson.build +++ b/meson.build @@ -1854,7 +1854,7 @@ endif =20 if not gnutls.found() if (not get_option('gcrypt').auto() or have_system) and not get_option('= nettle').enabled() - gcrypt =3D dependency('libgcrypt', version: '>=3D1.8', + gcrypt =3D dependency('libgcrypt', version: '>=3D1.9.4', required: get_option('gcrypt')) # Debian has removed -lgpg-error from libgcrypt-config # as it "spreads unnecessary dependencies" which in @@ -1866,27 +1866,7 @@ if not gnutls.found() version: gcrypt.version()) endif crypto_sm4 =3D gcrypt - # SM4 ALG is available in libgcrypt >=3D 1.9 - if gcrypt.found() and not cc.links(''' - #include - int main(void) { - gcry_cipher_hd_t handler; - gcry_cipher_open(&handler, GCRY_CIPHER_SM4, GCRY_CIPHER_MODE_ECB, = 0); - return 0; - }''', dependencies: gcrypt) - crypto_sm4 =3D not_found - endif crypto_sm3 =3D gcrypt - # SM3 ALG is available in libgcrypt >=3D 1.9 - if gcrypt.found() and not cc.links(''' - #include - int main(void) { - gcry_md_hd_t handler; - gcry_md_open(&handler, GCRY_MD_SM3, 0); - return 0; - }''', dependencies: gcrypt) - crypto_sm3 =3D not_found - endif endif if (not get_option('nettle').auto() or have_system) and not gcrypt.found= () nettle =3D dependency('nettle', version: '>=3D3.4', --=20 2.51.1 From nobody Sun Nov 16 00:54:52 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1762177230; cv=none; d=zohomail.com; s=zohoarc; b=FiqauM5NtaZ84q3vB7u6TnXzQecD9u3yTIdCtGZj+rUS3vax8GFeC7v7Fe10+J+Be+f6YTxjpLO9W0XDKp2v012lSQWqsS3s4/n+/OWGPm6Y+gOK2sSZBqrfV04TKm1EFaxz9XhzRmhhP9aYUA7/w7K38WVctipydv0v/CIGcrM= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1762177230; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=dxgSGrNVPJx4zV35lSkFTwV9rXYV0tVzZsmvfz4h+iA=; b=JQC2qw7NRNv4YYoszWk3R34fDkZFSPcgOy+W1oOVsIbmV1F3PBEfwp4CntE/Wa4T1KJBBaa9UttPXmpayFfoHhkNoLSZuYefkQL4uOJPDbXURFnoc1y47DqXRcrPLj0gHdq/uwG+5BnCfRiLfcx0t5kcqnPomlhmTje5pM1De14= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 176217723034684.36412181939568; Mon, 3 Nov 2025 05:40:30 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vFumF-0005jb-3P; Mon, 03 Nov 2025 08:39:21 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFum3-0005gm-T5 for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:39:09 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFum0-0004Qi-6V for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:39:07 -0500 Received: from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-610-tsw_t9N_M0GS-KnRiYz-pw-1; Mon, 03 Nov 2025 08:38:56 -0500 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 1BB2D18001DD; Mon, 3 Nov 2025 13:38:55 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.202]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id CEF261800576; Mon, 3 Nov 2025 13:38:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1762177139; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=dxgSGrNVPJx4zV35lSkFTwV9rXYV0tVzZsmvfz4h+iA=; b=LqReEUN0He6Ul2hef1L5EBGxbNDmD7caS5IawElF4Mlyd+9TTNW83EeK7qTlkV3sDOUkCb 5BExy3wV+wJjh9F8po+Ut/5xdpkaN1NoJalo09p8FHrXN6UNgYL8SN30CEadaxQFEbcN3w ddLI0RZGMFFcq80ZgQVGFld5q2NJXUE= X-MC-Unique: tsw_t9N_M0GS-KnRiYz-pw-1 X-Mimecast-MFC-AGG-ID: tsw_t9N_M0GS-KnRiYz-pw_1762177135 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= , Fabiano Rosas , Paolo Bonzini , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , devel@lists.libvirt.org, Laurent Vivier Subject: [PULL 10/32] crypto: bump min nettle to 3.7.3 Date: Mon, 3 Nov 2025 13:37:04 +0000 Message-ID: <20251103133727.423041-11-berrange@redhat.com> In-Reply-To: <20251103133727.423041-1-berrange@redhat.com> References: <20251103133727.423041-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1762177232435154100 Per repology, current shipping versions are: RHEL-9: 3.10.1 Debian 13: 3.10.1 openSUSE Leap 15: 3.9.1 Ubuntu LTS 22.04: 3.7.3 FreeBSD: 3.10.2 Fedora 42: 3.10.2 OpenBSD: 3.10.2 macOS HomeBrew: 3.10.2 Ubuntu 22.04 is our oldest constraint at this time. Reviewed-by: Marc-Andr=C3=A9 Lureau Signed-off-by: Daniel P. Berrang=C3=A9 --- meson.build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meson.build b/meson.build index ab1ff373e6..ad0aa6ccc0 100644 --- a/meson.build +++ b/meson.build @@ -1869,7 +1869,7 @@ if not gnutls.found() crypto_sm3 =3D gcrypt endif if (not get_option('nettle').auto() or have_system) and not gcrypt.found= () - nettle =3D dependency('nettle', version: '>=3D3.4', + nettle =3D dependency('nettle', version: '>=3D3.7.3', method: 'pkg-config', required: get_option('nettle')) if nettle.found() and not cc.has_header('nettle/xts.h', dependencies: = nettle) --=20 2.51.1 From nobody Sun Nov 16 00:54:52 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1762177360; cv=none; d=zohomail.com; s=zohoarc; b=enLWHXV41P8KimnA7LBIYzviKeQVTDEtOaGychbqN+E1JRlkkdNzBFPhbTLbvcUU2hul9TGO272aZ07/iz4/dh5ijNe43xZM9Q+rj4tB8YQpoWnjON0Bf31Yd+6si9lA2hUF7felXw1pgAdfYWVrmrsT++jPyuhX1shsKZiYxx8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1762177360; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=abBJDIunTJvrYpyxMj9h3VkaYZbvrHDOp7KTl753n9Q=; b=PbbHSdmUrX5TCaNha2N9cVRQcP55+pknqk1YuK0G1QqhHh5BrCEn6m61OnSBYX2178svgt7gYXgit+YjYZjUGE48hIX6KSoKcELu3zkDJA/g5/ppK08yOYFgAJGMd//tHw8mVJgirtYt6yatpfjWqnpcbcZtLeGIqmGwUbB0SFk= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 176217736088897.88190114643396; Mon, 3 Nov 2025 05:42:40 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vFumK-0005wi-BK; Mon, 03 Nov 2025 08:39:24 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFumG-0005pT-Km for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:39:21 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFum4-0004Qz-TZ for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:39:20 -0500 Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-154-xLuoNVC6PuSkq42TFxpS5Q-1; Mon, 03 Nov 2025 08:39:03 -0500 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 144BD180065F; Mon, 3 Nov 2025 13:39:02 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.202]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id AB37F1800578; Mon, 3 Nov 2025 13:38:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1762177146; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=abBJDIunTJvrYpyxMj9h3VkaYZbvrHDOp7KTl753n9Q=; b=MxN2TQ/EDJBwRek+fR65EUVb4PmBFNEmvOSKxff/tMbTn4t/fRfxytZnIJNSfvCJZ+oGMg WGwLJ4zDk7zlR615rKIZsGf85ho+z2SKHayi8DmExnCX5i3JltbtDJtUCAwY2wRLcVHKhR nRVzzamhHXbSjmMr5oM20xbUgNudjFU= X-MC-Unique: xLuoNVC6PuSkq42TFxpS5Q-1 X-Mimecast-MFC-AGG-ID: xLuoNVC6PuSkq42TFxpS5Q_1762177142 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= , Fabiano Rosas , Paolo Bonzini , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , devel@lists.libvirt.org, Laurent Vivier Subject: [PULL 11/32] crypto: drop in-tree XTS cipher mode impl Date: Mon, 3 Nov 2025 13:37:05 +0000 Message-ID: <20251103133727.423041-12-berrange@redhat.com> In-Reply-To: <20251103133727.423041-1-berrange@redhat.com> References: <20251103133727.423041-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1762177361622154100 nettle included XTS in 3.4.1, so with the new min version we no longer require the in-tree XTS cipher mode impl. Reviewed-by: Marc-Andr=C3=A9 Lureau Signed-off-by: Daniel P. Berrang=C3=A9 --- crypto/cipher-nettle.c.inc | 44 --- crypto/meson.build | 3 - crypto/xts.c | 250 ----------------- include/crypto/xts.h | 82 ------ meson.build | 8 - tests/unit/meson.build | 3 - tests/unit/test-crypto-xts.c | 529 ----------------------------------- 7 files changed, 919 deletions(-) delete mode 100644 crypto/xts.c delete mode 100644 include/crypto/xts.h delete mode 100644 tests/unit/test-crypto-xts.c diff --git a/crypto/cipher-nettle.c.inc b/crypto/cipher-nettle.c.inc index ae91363772..1afdc391b4 100644 --- a/crypto/cipher-nettle.c.inc +++ b/crypto/cipher-nettle.c.inc @@ -18,10 +18,6 @@ * */ =20 -#ifdef CONFIG_QEMU_PRIVATE_XTS -#include "crypto/xts.h" -#endif - #include #include #include @@ -30,9 +26,7 @@ #include #include #include -#ifndef CONFIG_QEMU_PRIVATE_XTS #include -#endif #ifdef CONFIG_CRYPTO_SM4 #include #endif @@ -154,43 +148,6 @@ static const struct QCryptoCipherDriver NAME##_driver_= ctr =3D { \ }; =20 =20 -#ifdef CONFIG_QEMU_PRIVATE_XTS -#define DEFINE__XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ -static void NAME##_xts_wrape(const void *ctx, size_t length, \ - uint8_t *dst, const uint8_t *src) \ -{ \ - ENCRYPT((const void *)ctx, length, dst, src); \ -} \ -static void NAME##_xts_wrapd(const void *ctx, size_t length, \ - uint8_t *dst, const uint8_t *src) \ -{ \ - DECRYPT((const void *)ctx, length, dst, src); \ -} \ -static int NAME##_encrypt_xts(QCryptoCipher *cipher, const void *in, \ - void *out, size_t len, Error **errp) \ -{ \ - TYPE *ctx =3D container_of(cipher, TYPE, base); \ - if (!qcrypto_length_check(len, BLEN, errp)) { \ - return -1; \ - } \ - xts_encrypt(&ctx->key, &ctx->key_xts, \ - NAME##_xts_wrape, NAME##_xts_wrapd, \ - ctx->iv, len, out, in); \ - return 0; \ -} \ -static int NAME##_decrypt_xts(QCryptoCipher *cipher, const void *in, \ - void *out, size_t len, Error **errp) \ -{ \ - TYPE *ctx =3D container_of(cipher, TYPE, base); \ - if (!qcrypto_length_check(len, BLEN, errp)) { \ - return -1; \ - } \ - xts_decrypt(&ctx->key, &ctx->key_xts, \ - NAME##_xts_wrape, NAME##_xts_wrapd, \ - ctx->iv, len, out, in); \ - return 0; \ -} -#else #define DEFINE__XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ static int NAME##_encrypt_xts(QCryptoCipher *cipher, const void *in, \ void *out, size_t len, Error **errp) \ @@ -214,7 +171,6 @@ static int NAME##_decrypt_xts(QCryptoCipher *cipher, co= nst void *in, \ ctx->iv, len, out, in); \ return 0; \ } -#endif =20 #define DEFINE_XTS(NAME, TYPE, BLEN, ENCRYPT, DECRYPT) \ QEMU_BUILD_BUG_ON(BLEN !=3D XTS_BLOCK_SIZE); \ diff --git a/crypto/meson.build b/crypto/meson.build index dd61ed9174..110c347033 100644 --- a/crypto/meson.build +++ b/crypto/meson.build @@ -33,9 +33,6 @@ if nettle.found() if hogweed.found() crypto_ss.add(gmp, hogweed) endif - if xts =3D=3D 'private' - crypto_ss.add(files('xts.c')) - endif elif gcrypt.found() crypto_ss.add(gcrypt, files('hash-gcrypt.c', 'hmac-gcrypt.c', 'pbkdf-gcr= ypt.c')) elif gnutls.found() diff --git a/crypto/xts.c b/crypto/xts.c deleted file mode 100644 index d4a49fdb70..0000000000 --- a/crypto/xts.c +++ /dev/null @@ -1,250 +0,0 @@ -/* - * QEMU Crypto XTS cipher mode - * - * Copyright (c) 2015-2016 Red Hat, Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, see . - * - * This code is originally derived from public domain / WTFPL code in - * LibTomCrypt crytographic library http://libtom.org. The XTS code - * was donated by Elliptic Semiconductor Inc (www.ellipticsemi.com) - * to the LibTom Projects - * - */ - -#include "qemu/osdep.h" -#include "qemu/bswap.h" -#include "crypto/xts.h" - -typedef union { - uint8_t b[XTS_BLOCK_SIZE]; - uint64_t u[2]; -} xts_uint128; - -static inline void xts_uint128_xor(xts_uint128 *D, - const xts_uint128 *S1, - const xts_uint128 *S2) -{ - D->u[0] =3D S1->u[0] ^ S2->u[0]; - D->u[1] =3D S1->u[1] ^ S2->u[1]; -} - -static inline void xts_uint128_cpu_to_les(xts_uint128 *v) -{ - cpu_to_le64s(&v->u[0]); - cpu_to_le64s(&v->u[1]); -} - -static inline void xts_uint128_le_to_cpus(xts_uint128 *v) -{ - le64_to_cpus(&v->u[0]); - le64_to_cpus(&v->u[1]); -} - -static void xts_mult_x(xts_uint128 *I) -{ - uint64_t tt; - - xts_uint128_le_to_cpus(I); - - tt =3D I->u[0] >> 63; - I->u[0] <<=3D 1; - - if (I->u[1] >> 63) { - I->u[0] ^=3D 0x87; - } - I->u[1] <<=3D 1; - I->u[1] |=3D tt; - - xts_uint128_cpu_to_les(I); -} - - -/** - * xts_tweak_encdec: - * @param ctxt: the cipher context - * @param func: the cipher function - * @src: buffer providing the input text of XTS_BLOCK_SIZE bytes - * @dst: buffer to output the output text of XTS_BLOCK_SIZE bytes - * @iv: the initialization vector tweak of XTS_BLOCK_SIZE bytes - * - * Encrypt/decrypt data with a tweak - */ -static inline void xts_tweak_encdec(const void *ctx, - xts_cipher_func *func, - const xts_uint128 *src, - xts_uint128 *dst, - xts_uint128 *iv) -{ - /* tweak encrypt block i */ - xts_uint128_xor(dst, src, iv); - - func(ctx, XTS_BLOCK_SIZE, dst->b, dst->b); - - xts_uint128_xor(dst, dst, iv); - - /* LFSR the tweak */ - xts_mult_x(iv); -} - - -void xts_decrypt(const void *datactx, - const void *tweakctx, - xts_cipher_func *encfunc, - xts_cipher_func *decfunc, - uint8_t *iv, - size_t length, - uint8_t *dst, - const uint8_t *src) -{ - xts_uint128 PP, CC, T; - unsigned long i, m, mo, lim; - - /* get number of blocks */ - m =3D length >> 4; - mo =3D length & 15; - - /* must have at least one full block */ - g_assert(m !=3D 0); - - if (mo =3D=3D 0) { - lim =3D m; - } else { - lim =3D m - 1; - } - - /* encrypt the iv */ - encfunc(tweakctx, XTS_BLOCK_SIZE, T.b, iv); - - if (QEMU_PTR_IS_ALIGNED(src, sizeof(uint64_t)) && - QEMU_PTR_IS_ALIGNED(dst, sizeof(uint64_t))) { - xts_uint128 *S =3D (xts_uint128 *)src; - xts_uint128 *D =3D (xts_uint128 *)dst; - for (i =3D 0; i < lim; i++, S++, D++) { - xts_tweak_encdec(datactx, decfunc, S, D, &T); - } - } else { - xts_uint128 D; - - for (i =3D 0; i < lim; i++) { - memcpy(&D, src, XTS_BLOCK_SIZE); - xts_tweak_encdec(datactx, decfunc, &D, &D, &T); - memcpy(dst, &D, XTS_BLOCK_SIZE); - src +=3D XTS_BLOCK_SIZE; - dst +=3D XTS_BLOCK_SIZE; - } - } - - /* if length is not a multiple of XTS_BLOCK_SIZE then */ - if (mo > 0) { - xts_uint128 S, D; - memcpy(&CC, &T, XTS_BLOCK_SIZE); - xts_mult_x(&CC); - - /* PP =3D tweak decrypt block m-1 */ - memcpy(&S, src, XTS_BLOCK_SIZE); - xts_tweak_encdec(datactx, decfunc, &S, &PP, &CC); - - /* Pm =3D first length % XTS_BLOCK_SIZE bytes of PP */ - for (i =3D 0; i < mo; i++) { - CC.b[i] =3D src[XTS_BLOCK_SIZE + i]; - dst[XTS_BLOCK_SIZE + i] =3D PP.b[i]; - } - for (; i < XTS_BLOCK_SIZE; i++) { - CC.b[i] =3D PP.b[i]; - } - - /* Pm-1 =3D Tweak uncrypt CC */ - xts_tweak_encdec(datactx, decfunc, &CC, &D, &T); - memcpy(dst, &D, XTS_BLOCK_SIZE); - } - - /* Decrypt the iv back */ - decfunc(tweakctx, XTS_BLOCK_SIZE, iv, T.b); -} - - -void xts_encrypt(const void *datactx, - const void *tweakctx, - xts_cipher_func *encfunc, - xts_cipher_func *decfunc, - uint8_t *iv, - size_t length, - uint8_t *dst, - const uint8_t *src) -{ - xts_uint128 PP, CC, T; - unsigned long i, m, mo, lim; - - /* get number of blocks */ - m =3D length >> 4; - mo =3D length & 15; - - /* must have at least one full block */ - g_assert(m !=3D 0); - - if (mo =3D=3D 0) { - lim =3D m; - } else { - lim =3D m - 1; - } - - /* encrypt the iv */ - encfunc(tweakctx, XTS_BLOCK_SIZE, T.b, iv); - - if (QEMU_PTR_IS_ALIGNED(src, sizeof(uint64_t)) && - QEMU_PTR_IS_ALIGNED(dst, sizeof(uint64_t))) { - xts_uint128 *S =3D (xts_uint128 *)src; - xts_uint128 *D =3D (xts_uint128 *)dst; - for (i =3D 0; i < lim; i++, S++, D++) { - xts_tweak_encdec(datactx, encfunc, S, D, &T); - } - } else { - xts_uint128 D; - - for (i =3D 0; i < lim; i++) { - memcpy(&D, src, XTS_BLOCK_SIZE); - xts_tweak_encdec(datactx, encfunc, &D, &D, &T); - memcpy(dst, &D, XTS_BLOCK_SIZE); - - dst +=3D XTS_BLOCK_SIZE; - src +=3D XTS_BLOCK_SIZE; - } - } - - /* if length is not a multiple of XTS_BLOCK_SIZE then */ - if (mo > 0) { - xts_uint128 S, D; - /* CC =3D tweak encrypt block m-1 */ - memcpy(&S, src, XTS_BLOCK_SIZE); - xts_tweak_encdec(datactx, encfunc, &S, &CC, &T); - - /* Cm =3D first length % XTS_BLOCK_SIZE bytes of CC */ - for (i =3D 0; i < mo; i++) { - PP.b[i] =3D src[XTS_BLOCK_SIZE + i]; - dst[XTS_BLOCK_SIZE + i] =3D CC.b[i]; - } - - for (; i < XTS_BLOCK_SIZE; i++) { - PP.b[i] =3D CC.b[i]; - } - - /* Cm-1 =3D Tweak encrypt PP */ - xts_tweak_encdec(datactx, encfunc, &PP, &D, &T); - memcpy(dst, &D, XTS_BLOCK_SIZE); - } - - /* Decrypt the iv back */ - decfunc(tweakctx, XTS_BLOCK_SIZE, iv, T.b); -} diff --git a/include/crypto/xts.h b/include/crypto/xts.h deleted file mode 100644 index f267b7824a..0000000000 --- a/include/crypto/xts.h +++ /dev/null @@ -1,82 +0,0 @@ -/* - * QEMU Crypto XTS cipher mode - * - * Copyright (c) 2015-2016 Red Hat, Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, see . - * - * This code is originally derived from public domain / WTFPL code in - * LibTomCrypt crytographic library http://libtom.org. The XTS code - * was donated by Elliptic Semiconductor Inc (www.ellipticsemi.com) - * to the LibTom Projects - * - */ - -#ifndef QCRYPTO_XTS_H -#define QCRYPTO_XTS_H - - -#define XTS_BLOCK_SIZE 16 - -typedef void xts_cipher_func(const void *ctx, - size_t length, - uint8_t *dst, - const uint8_t *src); - -/** - * xts_decrypt: - * @datactx: the cipher context for data decryption - * @tweakctx: the cipher context for tweak decryption - * @encfunc: the cipher function for encryption - * @decfunc: the cipher function for decryption - * @iv: the initialization vector tweak of XTS_BLOCK_SIZE bytes - * @length: the length of @dst and @src - * @dst: buffer to hold the decrypted plaintext - * @src: buffer providing the ciphertext - * - * Decrypts @src into @dst - */ -void xts_decrypt(const void *datactx, - const void *tweakctx, - xts_cipher_func *encfunc, - xts_cipher_func *decfunc, - uint8_t *iv, - size_t length, - uint8_t *dst, - const uint8_t *src); - -/** - * xts_decrypt: - * @datactx: the cipher context for data encryption - * @tweakctx: the cipher context for tweak encryption - * @encfunc: the cipher function for encryption - * @decfunc: the cipher function for decryption - * @iv: the initialization vector tweak of XTS_BLOCK_SIZE bytes - * @length: the length of @dst and @src - * @dst: buffer to hold the encrypted ciphertext - * @src: buffer providing the plaintext - * - * Decrypts @src into @dst - */ -void xts_encrypt(const void *datactx, - const void *tweakctx, - xts_cipher_func *encfunc, - xts_cipher_func *decfunc, - uint8_t *iv, - size_t length, - uint8_t *dst, - const uint8_t *src); - - -#endif /* QCRYPTO_XTS_H */ diff --git a/meson.build b/meson.build index ad0aa6ccc0..b8c1296d3b 100644 --- a/meson.build +++ b/meson.build @@ -1846,7 +1846,6 @@ nettle =3D not_found hogweed =3D not_found crypto_sm4 =3D not_found crypto_sm3 =3D not_found -xts =3D 'none' =20 if get_option('nettle').enabled() and get_option('gcrypt').enabled() error('Only one of gcrypt & nettle can be enabled') @@ -1872,9 +1871,6 @@ if not gnutls.found() nettle =3D dependency('nettle', version: '>=3D3.7.3', method: 'pkg-config', required: get_option('nettle')) - if nettle.found() and not cc.has_header('nettle/xts.h', dependencies: = nettle) - xts =3D 'private' - endif crypto_sm4 =3D nettle # SM4 ALG is available in nettle >=3D 3.9 if nettle.found() and not cc.links(''' @@ -2566,7 +2562,6 @@ config_host_data.set('CONFIG_NETTLE', nettle.found()) config_host_data.set('CONFIG_CRYPTO_SM4', crypto_sm4.found()) config_host_data.set('CONFIG_CRYPTO_SM3', crypto_sm3.found()) config_host_data.set('CONFIG_HOGWEED', hogweed.found()) -config_host_data.set('CONFIG_QEMU_PRIVATE_XTS', xts =3D=3D 'private') config_host_data.set('CONFIG_MALLOC_TRIM', has_malloc_trim) config_host_data.set('CONFIG_ZSTD', zstd.found()) config_host_data.set('CONFIG_QPL', qpl.found()) @@ -4862,9 +4857,6 @@ if gnutls.found() endif summary_info +=3D {'libgcrypt': gcrypt} summary_info +=3D {'nettle': nettle} -if nettle.found() - summary_info +=3D {' XTS': xts !=3D 'private'} -endif summary_info +=3D {'SM4 ALG support': crypto_sm4} summary_info +=3D {'SM3 ALG support': crypto_sm3} summary_info +=3D {'AF_ALG support': have_afalg} diff --git a/tests/unit/meson.build b/tests/unit/meson.build index d5248ae51d..bd58029060 100644 --- a/tests/unit/meson.build +++ b/tests/unit/meson.build @@ -110,9 +110,6 @@ if have_block if pam.found() tests +=3D {'test-authz-pam': [authz]} endif - if xts =3D=3D 'private' - tests +=3D {'test-crypto-xts': [crypto, io]} - endif if host_os !=3D 'windows' tests +=3D { 'test-image-locking': [testblock], diff --git a/tests/unit/test-crypto-xts.c b/tests/unit/test-crypto-xts.c deleted file mode 100644 index 7acbc956fd..0000000000 --- a/tests/unit/test-crypto-xts.c +++ /dev/null @@ -1,529 +0,0 @@ -/* - * QEMU Crypto XTS cipher mode - * - * Copyright (c) 2015-2018 Red Hat, Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, see . - * - * This code is originally derived from public domain / WTFPL code in - * LibTomCrypt crytographic library http://libtom.org. The XTS code - * was donated by Elliptic Semiconductor Inc (www.ellipticsemi.com) - * to the LibTom Projects - * - */ - -#include "qemu/osdep.h" -#include "crypto/init.h" -#include "crypto/xts.h" -#include "crypto/aes.h" - -typedef struct { - const char *path; - int keylen; - unsigned char key1[32]; - unsigned char key2[32]; - uint64_t seqnum; - unsigned long PTLEN; - unsigned char PTX[512], CTX[512]; -} QCryptoXTSTestData; - -static const QCryptoXTSTestData test_data[] =3D { - /* #1 32 byte key, 32 byte PTX */ - { - "/crypto/xts/t-1-key-32-ptx-32", - 32, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - 0, - 32, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x91, 0x7c, 0xf6, 0x9e, 0xbd, 0x68, 0xb2, 0xec, - 0x9b, 0x9f, 0xe9, 0xa3, 0xea, 0xdd, 0xa6, 0x92, - 0xcd, 0x43, 0xd2, 0xf5, 0x95, 0x98, 0xed, 0x85, - 0x8c, 0x02, 0xc2, 0x65, 0x2f, 0xbf, 0x92, 0x2e }, - }, - - /* #2, 32 byte key, 32 byte PTX */ - { - "/crypto/xts/t-2-key-32-ptx-32", - 32, - { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, - 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 }, - { 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, - 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 }, - 0x3333333333LL, - 32, - { 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, - 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, - 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, - 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44 }, - { 0xc4, 0x54, 0x18, 0x5e, 0x6a, 0x16, 0x93, 0x6e, - 0x39, 0x33, 0x40, 0x38, 0xac, 0xef, 0x83, 0x8b, - 0xfb, 0x18, 0x6f, 0xff, 0x74, 0x80, 0xad, 0xc4, - 0x28, 0x93, 0x82, 0xec, 0xd6, 0xd3, 0x94, 0xf0 }, - }, - - /* #5 from xts.7, 32 byte key, 32 byte PTX */ - { - "/crypto/xts/t-5-key-32-ptx-32", - 32, - { 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, - 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0 }, - { 0xbf, 0xbe, 0xbd, 0xbc, 0xbb, 0xba, 0xb9, 0xb8, - 0xb7, 0xb6, 0xb5, 0xb4, 0xb3, 0xb2, 0xb1, 0xb0 }, - 0x123456789aLL, - 32, - { 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, - 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, - 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, - 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44 }, - { 0xb0, 0x1f, 0x86, 0xf8, 0xed, 0xc1, 0x86, 0x37, - 0x06, 0xfa, 0x8a, 0x42, 0x53, 0xe3, 0x4f, 0x28, - 0xaf, 0x31, 0x9d, 0xe3, 0x83, 0x34, 0x87, 0x0f, - 0x4d, 0xd1, 0xf9, 0x4c, 0xbe, 0x98, 0x32, 0xf1 }, - }, - - /* #4, 32 byte key, 512 byte PTX */ - { - "/crypto/xts/t-4-key-32-ptx-512", - 32, - { 0x27, 0x18, 0x28, 0x18, 0x28, 0x45, 0x90, 0x45, - 0x23, 0x53, 0x60, 0x28, 0x74, 0x71, 0x35, 0x26 }, - { 0x31, 0x41, 0x59, 0x26, 0x53, 0x58, 0x97, 0x93, - 0x23, 0x84, 0x62, 0x64, 0x33, 0x83, 0x27, 0x95 }, - 0, - 512, - { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, - 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, - 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, - 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, - 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, - 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, - 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, - 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, - 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, - 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, - 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, - 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, - 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, - 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, - 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, - 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, - 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, - 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, - 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, - 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, - 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, - 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, - 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, - 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, - 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, - 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, - 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, - 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, - 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, - 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, - 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, - 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, - 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, - 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, - 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, - 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, - 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, - 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, - 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, - 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, - 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, - 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, - 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, - 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, - 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, - 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, - 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, - 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, - 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, - 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, - 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff, - }, - { - 0x27, 0xa7, 0x47, 0x9b, 0xef, 0xa1, 0xd4, 0x76, - 0x48, 0x9f, 0x30, 0x8c, 0xd4, 0xcf, 0xa6, 0xe2, - 0xa9, 0x6e, 0x4b, 0xbe, 0x32, 0x08, 0xff, 0x25, - 0x28, 0x7d, 0xd3, 0x81, 0x96, 0x16, 0xe8, 0x9c, - 0xc7, 0x8c, 0xf7, 0xf5, 0xe5, 0x43, 0x44, 0x5f, - 0x83, 0x33, 0xd8, 0xfa, 0x7f, 0x56, 0x00, 0x00, - 0x05, 0x27, 0x9f, 0xa5, 0xd8, 0xb5, 0xe4, 0xad, - 0x40, 0xe7, 0x36, 0xdd, 0xb4, 0xd3, 0x54, 0x12, - 0x32, 0x80, 0x63, 0xfd, 0x2a, 0xab, 0x53, 0xe5, - 0xea, 0x1e, 0x0a, 0x9f, 0x33, 0x25, 0x00, 0xa5, - 0xdf, 0x94, 0x87, 0xd0, 0x7a, 0x5c, 0x92, 0xcc, - 0x51, 0x2c, 0x88, 0x66, 0xc7, 0xe8, 0x60, 0xce, - 0x93, 0xfd, 0xf1, 0x66, 0xa2, 0x49, 0x12, 0xb4, - 0x22, 0x97, 0x61, 0x46, 0xae, 0x20, 0xce, 0x84, - 0x6b, 0xb7, 0xdc, 0x9b, 0xa9, 0x4a, 0x76, 0x7a, - 0xae, 0xf2, 0x0c, 0x0d, 0x61, 0xad, 0x02, 0x65, - 0x5e, 0xa9, 0x2d, 0xc4, 0xc4, 0xe4, 0x1a, 0x89, - 0x52, 0xc6, 0x51, 0xd3, 0x31, 0x74, 0xbe, 0x51, - 0xa1, 0x0c, 0x42, 0x11, 0x10, 0xe6, 0xd8, 0x15, - 0x88, 0xed, 0xe8, 0x21, 0x03, 0xa2, 0x52, 0xd8, - 0xa7, 0x50, 0xe8, 0x76, 0x8d, 0xef, 0xff, 0xed, - 0x91, 0x22, 0x81, 0x0a, 0xae, 0xb9, 0x9f, 0x91, - 0x72, 0xaf, 0x82, 0xb6, 0x04, 0xdc, 0x4b, 0x8e, - 0x51, 0xbc, 0xb0, 0x82, 0x35, 0xa6, 0xf4, 0x34, - 0x13, 0x32, 0xe4, 0xca, 0x60, 0x48, 0x2a, 0x4b, - 0xa1, 0xa0, 0x3b, 0x3e, 0x65, 0x00, 0x8f, 0xc5, - 0xda, 0x76, 0xb7, 0x0b, 0xf1, 0x69, 0x0d, 0xb4, - 0xea, 0xe2, 0x9c, 0x5f, 0x1b, 0xad, 0xd0, 0x3c, - 0x5c, 0xcf, 0x2a, 0x55, 0xd7, 0x05, 0xdd, 0xcd, - 0x86, 0xd4, 0x49, 0x51, 0x1c, 0xeb, 0x7e, 0xc3, - 0x0b, 0xf1, 0x2b, 0x1f, 0xa3, 0x5b, 0x91, 0x3f, - 0x9f, 0x74, 0x7a, 0x8a, 0xfd, 0x1b, 0x13, 0x0e, - 0x94, 0xbf, 0xf9, 0x4e, 0xff, 0xd0, 0x1a, 0x91, - 0x73, 0x5c, 0xa1, 0x72, 0x6a, 0xcd, 0x0b, 0x19, - 0x7c, 0x4e, 0x5b, 0x03, 0x39, 0x36, 0x97, 0xe1, - 0x26, 0x82, 0x6f, 0xb6, 0xbb, 0xde, 0x8e, 0xcc, - 0x1e, 0x08, 0x29, 0x85, 0x16, 0xe2, 0xc9, 0xed, - 0x03, 0xff, 0x3c, 0x1b, 0x78, 0x60, 0xf6, 0xde, - 0x76, 0xd4, 0xce, 0xcd, 0x94, 0xc8, 0x11, 0x98, - 0x55, 0xef, 0x52, 0x97, 0xca, 0x67, 0xe9, 0xf3, - 0xe7, 0xff, 0x72, 0xb1, 0xe9, 0x97, 0x85, 0xca, - 0x0a, 0x7e, 0x77, 0x20, 0xc5, 0xb3, 0x6d, 0xc6, - 0xd7, 0x2c, 0xac, 0x95, 0x74, 0xc8, 0xcb, 0xbc, - 0x2f, 0x80, 0x1e, 0x23, 0xe5, 0x6f, 0xd3, 0x44, - 0xb0, 0x7f, 0x22, 0x15, 0x4b, 0xeb, 0xa0, 0xf0, - 0x8c, 0xe8, 0x89, 0x1e, 0x64, 0x3e, 0xd9, 0x95, - 0xc9, 0x4d, 0x9a, 0x69, 0xc9, 0xf1, 0xb5, 0xf4, - 0x99, 0x02, 0x7a, 0x78, 0x57, 0x2a, 0xee, 0xbd, - 0x74, 0xd2, 0x0c, 0xc3, 0x98, 0x81, 0xc2, 0x13, - 0xee, 0x77, 0x0b, 0x10, 0x10, 0xe4, 0xbe, 0xa7, - 0x18, 0x84, 0x69, 0x77, 0xae, 0x11, 0x9f, 0x7a, - 0x02, 0x3a, 0xb5, 0x8c, 0xca, 0x0a, 0xd7, 0x52, - 0xaf, 0xe6, 0x56, 0xbb, 0x3c, 0x17, 0x25, 0x6a, - 0x9f, 0x6e, 0x9b, 0xf1, 0x9f, 0xdd, 0x5a, 0x38, - 0xfc, 0x82, 0xbb, 0xe8, 0x72, 0xc5, 0x53, 0x9e, - 0xdb, 0x60, 0x9e, 0xf4, 0xf7, 0x9c, 0x20, 0x3e, - 0xbb, 0x14, 0x0f, 0x2e, 0x58, 0x3c, 0xb2, 0xad, - 0x15, 0xb4, 0xaa, 0x5b, 0x65, 0x50, 0x16, 0xa8, - 0x44, 0x92, 0x77, 0xdb, 0xd4, 0x77, 0xef, 0x2c, - 0x8d, 0x6c, 0x01, 0x7d, 0xb7, 0x38, 0xb1, 0x8d, - 0xeb, 0x4a, 0x42, 0x7d, 0x19, 0x23, 0xce, 0x3f, - 0xf2, 0x62, 0x73, 0x57, 0x79, 0xa4, 0x18, 0xf2, - 0x0a, 0x28, 0x2d, 0xf9, 0x20, 0x14, 0x7b, 0xea, - 0xbe, 0x42, 0x1e, 0xe5, 0x31, 0x9d, 0x05, 0x68, - } - }, - - /* #7, 32 byte key, 17 byte PTX */ - { - "/crypto/xts/t-7-key-32-ptx-17", - 32, - { 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, - 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0 }, - { 0xbf, 0xbe, 0xbd, 0xbc, 0xbb, 0xba, 0xb9, 0xb8, - 0xb7, 0xb6, 0xb5, 0xb4, 0xb3, 0xb2, 0xb1, 0xb0 }, - 0x123456789aLL, - 17, - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10 }, - { 0x6c, 0x16, 0x25, 0xdb, 0x46, 0x71, 0x52, 0x2d, - 0x3d, 0x75, 0x99, 0x60, 0x1d, 0xe7, 0xca, 0x09, 0xed }, - }, - - /* #15, 32 byte key, 25 byte PTX */ - { - "/crypto/xts/t-15-key-32-ptx-25", - 32, - { 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, - 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0 }, - { 0xbf, 0xbe, 0xbd, 0xbc, 0xbb, 0xba, 0xb9, 0xb8, - 0xb7, 0xb6, 0xb5, 0xb4, 0xb3, 0xb2, 0xb1, 0xb0 }, - 0x123456789aLL, - 25, - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18 }, - { 0x8f, 0x4d, 0xcb, 0xad, 0x55, 0x55, 0x8d, 0x7b, - 0x4e, 0x01, 0xd9, 0x37, 0x9c, 0xd4, 0xea, 0x22, - 0xed, 0xbf, 0x9d, 0xac, 0xe4, 0x5d, 0x6f, 0x6a, 0x73 }, - }, - - /* #21, 32 byte key, 31 byte PTX */ - { - "/crypto/xts/t-21-key-32-ptx-31", - 32, - { 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, - 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0 }, - { 0xbf, 0xbe, 0xbd, 0xbc, 0xbb, 0xba, 0xb9, 0xb8, - 0xb7, 0xb6, 0xb5, 0xb4, 0xb3, 0xb2, 0xb1, 0xb0 }, - 0x123456789aLL, - 31, - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e }, - { 0xd0, 0x5b, 0xc0, 0x90, 0xa8, 0xe0, 0x4f, 0x1b, - 0x3d, 0x3e, 0xcd, 0xd5, 0xba, 0xec, 0x0f, 0xd4, - 0xed, 0xbf, 0x9d, 0xac, 0xe4, 0x5d, 0x6f, 0x6a, - 0x73, 0x06, 0xe6, 0x4b, 0xe5, 0xdd, 0x82 }, - }, -}; - -#define STORE64L(x, y) \ - do { \ - (y)[7] =3D (unsigned char)(((x) >> 56) & 255); \ - (y)[6] =3D (unsigned char)(((x) >> 48) & 255); \ - (y)[5] =3D (unsigned char)(((x) >> 40) & 255); \ - (y)[4] =3D (unsigned char)(((x) >> 32) & 255); \ - (y)[3] =3D (unsigned char)(((x) >> 24) & 255); \ - (y)[2] =3D (unsigned char)(((x) >> 16) & 255); \ - (y)[1] =3D (unsigned char)(((x) >> 8) & 255); \ - (y)[0] =3D (unsigned char)((x) & 255); \ - } while (0) - -struct TestAES { - AES_KEY enc; - AES_KEY dec; -}; - -static void test_xts_aes_encrypt(const void *ctx, - size_t length, - uint8_t *dst, - const uint8_t *src) -{ - const struct TestAES *aesctx =3D ctx; - - AES_encrypt(src, dst, &aesctx->enc); -} - - -static void test_xts_aes_decrypt(const void *ctx, - size_t length, - uint8_t *dst, - const uint8_t *src) -{ - const struct TestAES *aesctx =3D ctx; - - AES_decrypt(src, dst, &aesctx->dec); -} - - -static void test_xts(const void *opaque) -{ - const QCryptoXTSTestData *data =3D opaque; - uint8_t out[512], Torg[16], T[16]; - uint64_t seq; - struct TestAES aesdata; - struct TestAES aestweak; - - AES_set_encrypt_key(data->key1, data->keylen / 2 * 8, &aesdata.enc); - AES_set_decrypt_key(data->key1, data->keylen / 2 * 8, &aesdata.dec); - AES_set_encrypt_key(data->key2, data->keylen / 2 * 8, &aestweak.enc); - AES_set_decrypt_key(data->key2, data->keylen / 2 * 8, &aestweak.dec); - - seq =3D data->seqnum; - STORE64L(seq, Torg); - memset(Torg + 8, 0, 8); - - memcpy(T, Torg, sizeof(T)); - xts_encrypt(&aesdata, &aestweak, - test_xts_aes_encrypt, - test_xts_aes_decrypt, - T, data->PTLEN, out, data->PTX); - - g_assert(memcmp(out, data->CTX, data->PTLEN) =3D=3D 0); - - memcpy(T, Torg, sizeof(T)); - xts_decrypt(&aesdata, &aestweak, - test_xts_aes_encrypt, - test_xts_aes_decrypt, - T, data->PTLEN, out, data->CTX); - - g_assert(memcmp(out, data->PTX, data->PTLEN) =3D=3D 0); -} - - -static void test_xts_split(const void *opaque) -{ - const QCryptoXTSTestData *data =3D opaque; - uint8_t out[512], Torg[16], T[16]; - uint64_t seq; - unsigned long len =3D data->PTLEN / 2; - struct TestAES aesdata; - struct TestAES aestweak; - - AES_set_encrypt_key(data->key1, data->keylen / 2 * 8, &aesdata.enc); - AES_set_decrypt_key(data->key1, data->keylen / 2 * 8, &aesdata.dec); - AES_set_encrypt_key(data->key2, data->keylen / 2 * 8, &aestweak.enc); - AES_set_decrypt_key(data->key2, data->keylen / 2 * 8, &aestweak.dec); - - seq =3D data->seqnum; - STORE64L(seq, Torg); - memset(Torg + 8, 0, 8); - - memcpy(T, Torg, sizeof(T)); - xts_encrypt(&aesdata, &aestweak, - test_xts_aes_encrypt, - test_xts_aes_decrypt, - T, len, out, data->PTX); - xts_encrypt(&aesdata, &aestweak, - test_xts_aes_encrypt, - test_xts_aes_decrypt, - T, len, &out[len], &data->PTX[len]); - - g_assert(memcmp(out, data->CTX, data->PTLEN) =3D=3D 0); - - memcpy(T, Torg, sizeof(T)); - xts_decrypt(&aesdata, &aestweak, - test_xts_aes_encrypt, - test_xts_aes_decrypt, - T, len, out, data->CTX); - xts_decrypt(&aesdata, &aestweak, - test_xts_aes_encrypt, - test_xts_aes_decrypt, - T, len, &out[len], &data->CTX[len]); - - g_assert(memcmp(out, data->PTX, data->PTLEN) =3D=3D 0); -} - - -static void test_xts_unaligned(const void *opaque) -{ -#define BAD_ALIGN 3 - const QCryptoXTSTestData *data =3D opaque; - uint8_t in[512 + BAD_ALIGN], out[512 + BAD_ALIGN]; - uint8_t Torg[16], T[16 + BAD_ALIGN]; - uint64_t seq; - struct TestAES aesdata; - struct TestAES aestweak; - - AES_set_encrypt_key(data->key1, data->keylen / 2 * 8, &aesdata.enc); - AES_set_decrypt_key(data->key1, data->keylen / 2 * 8, &aesdata.dec); - AES_set_encrypt_key(data->key2, data->keylen / 2 * 8, &aestweak.enc); - AES_set_decrypt_key(data->key2, data->keylen / 2 * 8, &aestweak.dec); - - seq =3D data->seqnum; - STORE64L(seq, Torg); - memset(Torg + 8, 0, 8); - - /* IV not aligned */ - memcpy(T + BAD_ALIGN, Torg, 16); - memcpy(in, data->PTX, data->PTLEN); - xts_encrypt(&aesdata, &aestweak, - test_xts_aes_encrypt, - test_xts_aes_decrypt, - T + BAD_ALIGN, data->PTLEN, out, in); - - g_assert(memcmp(out, data->CTX, data->PTLEN) =3D=3D 0); - - /* plain text not aligned */ - memcpy(T, Torg, 16); - memcpy(in + BAD_ALIGN, data->PTX, data->PTLEN); - xts_encrypt(&aesdata, &aestweak, - test_xts_aes_encrypt, - test_xts_aes_decrypt, - T, data->PTLEN, out, in + BAD_ALIGN); - - g_assert(memcmp(out, data->CTX, data->PTLEN) =3D=3D 0); - - /* cipher text not aligned */ - memcpy(T, Torg, 16); - memcpy(in, data->PTX, data->PTLEN); - xts_encrypt(&aesdata, &aestweak, - test_xts_aes_encrypt, - test_xts_aes_decrypt, - T, data->PTLEN, out + BAD_ALIGN, in); - - g_assert(memcmp(out + BAD_ALIGN, data->CTX, data->PTLEN) =3D=3D 0); - - - /* IV not aligned */ - memcpy(T + BAD_ALIGN, Torg, 16); - memcpy(in, data->CTX, data->PTLEN); - xts_decrypt(&aesdata, &aestweak, - test_xts_aes_encrypt, - test_xts_aes_decrypt, - T + BAD_ALIGN, data->PTLEN, out, in); - - g_assert(memcmp(out, data->PTX, data->PTLEN) =3D=3D 0); - - /* cipher text not aligned */ - memcpy(T, Torg, 16); - memcpy(in + BAD_ALIGN, data->CTX, data->PTLEN); - xts_decrypt(&aesdata, &aestweak, - test_xts_aes_encrypt, - test_xts_aes_decrypt, - T, data->PTLEN, out, in + BAD_ALIGN); - - g_assert(memcmp(out, data->PTX, data->PTLEN) =3D=3D 0); - - /* plain text not aligned */ - memcpy(T, Torg, 16); - memcpy(in, data->CTX, data->PTLEN); - xts_decrypt(&aesdata, &aestweak, - test_xts_aes_encrypt, - test_xts_aes_decrypt, - T, data->PTLEN, out + BAD_ALIGN, in); - - g_assert(memcmp(out + BAD_ALIGN, data->PTX, data->PTLEN) =3D=3D 0); -} - - -int main(int argc, char **argv) -{ - size_t i; - - g_test_init(&argc, &argv, NULL); - - g_assert(qcrypto_init(NULL) =3D=3D 0); - - for (i =3D 0; i < G_N_ELEMENTS(test_data); i++) { - gchar *path =3D g_strdup_printf("%s/basic", test_data[i].path); - g_test_add_data_func(path, &test_data[i], test_xts); - g_free(path); - - /* skip the cases where the length is smaller than 2*blocklen - * or the length is not a multiple of 32 - */ - if ((test_data[i].PTLEN >=3D 32) && !(test_data[i].PTLEN % 32)) { - path =3D g_strdup_printf("%s/split", test_data[i].path); - g_test_add_data_func(path, &test_data[i], test_xts_split); - g_free(path); - } - - path =3D g_strdup_printf("%s/unaligned", test_data[i].path); - g_test_add_data_func(path, &test_data[i], test_xts_unaligned); - g_free(path); - } - - return g_test_run(); -} --=20 2.51.1 From nobody Sun Nov 16 00:54:52 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1762177203; cv=none; d=zohomail.com; s=zohoarc; b=TC0udVBHTwaP/apYCtbIvqrP/v1e9ABv62sgmfpJH49AiE/UfjK5PcNnBOxyhL+NRu98C2IfJDbkQ93VfXd6S6jRjXHbSQs17yuItr3N1F5DaWOIxISbFuAvAhSNP+31rxfGjh6ucHZ4ui2JWUQpfByJx4l9M+xFNMGTUK8YMtU= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1762177203; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=dXlhMf24msb4QmxjXAJv263wvcrp1Cy7Eu1TPVgVg50=; b=RfbCgaPm2EJZg0NMtL7/1uzBjg7zwDasR6KanVOjDmIsVC28C8Sf0HL5vqi+NOCC4aQ+MUfgDj6vDdxThBattMHQMq4jAaIWD2ATkxWS/GhWx6G2eAzW7o8mBORj9vct0SlS5jH5PeQsVO3eFawkD6T8czIrBletdii4IkiZS0M= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1762177203279611.2556960696338; Mon, 3 Nov 2025 05:40:03 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vFumO-0006AX-Vg; Mon, 03 Nov 2025 08:39:30 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFumM-00067T-7c for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:39:26 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFumC-0004RL-LP for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:39:25 -0500 Received: from mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-650-MHp1WjQPOzaXDf_QWIsTiw-1; Mon, 03 Nov 2025 08:39:10 -0500 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 2AA351954B0D; Mon, 3 Nov 2025 13:39:09 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.202]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 0BFCC1800576; Mon, 3 Nov 2025 13:39:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1762177153; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=dXlhMf24msb4QmxjXAJv263wvcrp1Cy7Eu1TPVgVg50=; b=P7moU19mhuUrzHTEpO2cL0ThoRuMap10JLaAW+r4xavC6cmKRDfChLLBKnQTONpzQOpZNN +0fnHdIHvckILRDeEKpBIhZwxkM/T+MlKovmzaiNgqpKZmxmTPRK1IE+ENCj9qL1yw0fMU VJKGSSNu2hqgE+Ry9V12wSC61wGctf8= X-MC-Unique: MHp1WjQPOzaXDf_QWIsTiw-1 X-Mimecast-MFC-AGG-ID: MHp1WjQPOzaXDf_QWIsTiw_1762177149 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= , Fabiano Rosas , Paolo Bonzini , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , devel@lists.libvirt.org, Laurent Vivier Subject: [PULL 12/32] crypto: remove redundant parameter checking CA certs Date: Mon, 3 Nov 2025 13:37:06 +0000 Message-ID: <20251103133727.423041-13-berrange@redhat.com> In-Reply-To: <20251103133727.423041-1-berrange@redhat.com> References: <20251103133727.423041-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_PASS=-0.001, T_SPF_TEMPERROR=0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1762177206196154100 The only caller of qcrypto_tls_creds_check_authority_chain always passes 'true' for the 'isCA' parameter. The point of this method is to check the CA chani, so no other value would ever make sense. Reviewed-by: Marc-Andr=C3=A9 Lureau Reviewed-by: Philippe Mathieu-Daud=C3=A9 Signed-off-by: Daniel P. Berrang=C3=A9 --- crypto/tlscredsx509.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/crypto/tlscredsx509.c b/crypto/tlscredsx509.c index db2b74bafa..847fd4d9fa 100644 --- a/crypto/tlscredsx509.c +++ b/crypto/tlscredsx509.c @@ -315,7 +315,6 @@ qcrypto_tls_creds_check_authority_chain(QCryptoTLSCreds= X509 *creds, unsigned int ncacerts, const char *cacertFile, bool isServer, - bool isCA, Error **errp) { gnutls_x509_crt_t cert_to_check =3D certs[ncerts - 1]; @@ -356,7 +355,7 @@ qcrypto_tls_creds_check_authority_chain(QCryptoTLSCreds= X509 *creds, */ return qcrypto_tls_creds_check_cert( creds, cert_to_check, cacertFile, - isServer, isCA, errp); + isServer, true, errp); } for (int i =3D 0; i < ncacerts; i++) { if (gnutls_x509_crt_check_issuer(cert_to_check, @@ -370,7 +369,7 @@ qcrypto_tls_creds_check_authority_chain(QCryptoTLSCreds= X509 *creds, } =20 if (qcrypto_tls_creds_check_cert(creds, cert_issuer, cacertFile, - isServer, isCA, errp) < 0) { + isServer, true, errp) < 0) { return -1; } =20 @@ -534,7 +533,7 @@ qcrypto_tls_creds_x509_sanity_check(QCryptoTLSCredsX509= *creds, certs, ncerts, cacerts, ncacerts, cacertFile, isServer, - true, errp) < 0) { + errp) < 0) { goto cleanup; } =20 --=20 2.51.1 From nobody Sun Nov 16 00:54:52 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1762177243; cv=none; d=zohomail.com; s=zohoarc; b=V7DImWH1jHofgFrDmH8UznyeFeW6Pp1DTCRVtR07J3FMjwmRdRQIedd52zyDl3brLUNkdzh4iJ+Wfm7ND1GeyfcWyynROOaz9iWAIBfDsbT6UDWRMGfUzma+0c25+bS58wO4FuRHqBtuOHBrG61MA8+eXzsR4TaCnmjbp4FWPsY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1762177243; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=Q++GOK7kzFA57zF993UBffj8wBuz3O0ZZDc/7QHDWBI=; b=ihxdU4FvBWbzxX3FmCTf6CD/yW/Jzh7qYQcDO65Vos4ZXbuqZa4SerVK8LKr7u5BbMFdTyuFe36B7K6+tyf1XzeBVgE1dYogFT9HCrk7ss2Neegbi7BWpOPthW9P7FZaKKoeM3m4cWsBCjwed7LzVe7P7GRE5GQ+33vKBPmFrCw= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1762177243346936.0025612584686; Mon, 3 Nov 2025 05:40:43 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vFumR-0006GJ-VD; Mon, 03 Nov 2025 08:39:32 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFumM-00066q-KF for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:39:26 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFumH-0004RU-CB for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:39:25 -0500 Received: from mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-364-v5Q5mDZBPQmzNyQzpvvCzQ-1; Mon, 03 Nov 2025 08:39:14 -0500 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 3367C195608E; Mon, 3 Nov 2025 13:39:13 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.202]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 95BC61800451; Mon, 3 Nov 2025 13:39:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1762177157; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Q++GOK7kzFA57zF993UBffj8wBuz3O0ZZDc/7QHDWBI=; b=cDW7m3eTi7olKS3BTwdo19hdSAHSOEp361cDavVNtqB4lHI4tbvujVJ0Mec0LPOzmR7quh Hk/8x/OlcRIcXy/AfbGXb1IQSSweN+k32uMwEFdXhE7dIrPJG9NWujGNF/shiYmc0VXTrV 2ZGHmh0zghfq0YtEfjIME36Ge5w+2og= X-MC-Unique: v5Q5mDZBPQmzNyQzpvvCzQ-1 X-Mimecast-MFC-AGG-ID: v5Q5mDZBPQmzNyQzpvvCzQ_1762177153 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= , Fabiano Rosas , Paolo Bonzini , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , devel@lists.libvirt.org, Laurent Vivier Subject: [PULL 13/32] crypto: add missing free of certs array Date: Mon, 3 Nov 2025 13:37:07 +0000 Message-ID: <20251103133727.423041-14-berrange@redhat.com> In-Reply-To: <20251103133727.423041-1-berrange@redhat.com> References: <20251103133727.423041-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1762177246658158500 Reviewed-by: Marc-Andr=C3=A9 Lureau Signed-off-by: Daniel P. Berrang=C3=A9 --- crypto/tlscredsx509.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/tlscredsx509.c b/crypto/tlscredsx509.c index 847fd4d9fa..75c70af522 100644 --- a/crypto/tlscredsx509.c +++ b/crypto/tlscredsx509.c @@ -550,6 +550,7 @@ qcrypto_tls_creds_x509_sanity_check(QCryptoTLSCredsX509= *creds, for (i =3D 0; i < ncerts; i++) { gnutls_x509_crt_deinit(certs[i]); } + g_free(certs); for (i =3D 0; i < ncacerts; i++) { gnutls_x509_crt_deinit(cacerts[i]); } --=20 2.51.1 From nobody Sun Nov 16 00:54:52 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1762177441; cv=none; d=zohomail.com; s=zohoarc; b=myC16LeUmI50PZBdxoGg+6iav1KJ1KajKVZvO1GwELbJMeAUSqKORxw2ccfRe1+0y0Fb7vlxoFdXOVlpLWrpiE/oHe6bpn7pM3DbEmbx6AHc1mCREUCgCDig647YXmi+b8iOyi2CHWiPqAaqIz1VkL+5+J9uCp1ylz9Y6uDbWSY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1762177441; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=nHyhvhgyNT6cXF0IBfGD44wT8AzFPpiFP5a046hDfSQ=; b=ISSwClfbhXDaf5/wzawR/5/DensB5/WZF3QYYS8+ZsiuY3cF8axuQ3xvl7aoucjXx+FYFud+JT0QqKs6zyxC3AHiFM05Ou9BF3YCbr6r+XTg54gBDZNMDXwFIorn5R1qX6K98I+vgDXiV5ntV3ofBAnz4/rYEXHhUQ1KiLEXpc0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1762177441650402.57527475382153; Mon, 3 Nov 2025 05:44:01 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vFumS-0006Ge-HD; Mon, 03 Nov 2025 08:39:32 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFumQ-0006Eq-CJ for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:39:30 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFumI-0004RW-PF for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:39:30 -0500 Received: from mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-392-_qlNoOqmOo2JPvZtgUejgw-1; Mon, 03 Nov 2025 08:39:17 -0500 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 79D6419560AF; Mon, 3 Nov 2025 13:39:16 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.202]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 993FD1800451; Mon, 3 Nov 2025 13:39:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1762177159; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=nHyhvhgyNT6cXF0IBfGD44wT8AzFPpiFP5a046hDfSQ=; b=LdqX7va077ObE/+vhQxzyZsa8UmubAZyzZyQVO6hqKGoZD9EYHxehm/TBIrqn/z+hzI09g XMwHxAKJeEaxSPeZ2/nivXOBTXpe8enwemG2SoL2/cuQIHemGOLqDCrDR3T0xxd9dv5WL6 Fy1QLazniC0JEhrTFd0XPSyWb5p/QmA= X-MC-Unique: _qlNoOqmOo2JPvZtgUejgw-1 X-Mimecast-MFC-AGG-ID: _qlNoOqmOo2JPvZtgUejgw_1762177156 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= , Fabiano Rosas , Paolo Bonzini , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , devel@lists.libvirt.org, Laurent Vivier Subject: [PULL 14/32] crypto: replace stat() with access() for credential checks Date: Mon, 3 Nov 2025 13:37:08 +0000 Message-ID: <20251103133727.423041-15-berrange@redhat.com> In-Reply-To: <20251103133727.423041-1-berrange@redhat.com> References: <20251103133727.423041-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -16 X-Spam_score: -1.7 X-Spam_bar: - X-Spam_report: (-1.7 / 5.0 requ) BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1762177442344154100 Readability of the credential files is what matters for our usage, so access() is more appropriate than stat(). Reviewed-by: Marc-Andr=C3=A9 Lureau Reviewed-by: Philippe Mathieu-Daud=C3=A9 Signed-off-by: Daniel P. Berrang=C3=A9 --- crypto/tlscreds.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/crypto/tlscreds.c b/crypto/tlscreds.c index 9e59594d67..208a7e6d8f 100644 --- a/crypto/tlscreds.c +++ b/crypto/tlscreds.c @@ -100,7 +100,6 @@ qcrypto_tls_creds_get_path(QCryptoTLSCreds *creds, char **cred, Error **errp) { - struct stat sb; int ret =3D -1; =20 if (!creds->dir) { @@ -114,7 +113,7 @@ qcrypto_tls_creds_get_path(QCryptoTLSCreds *creds, =20 *cred =3D g_strdup_printf("%s/%s", creds->dir, filename); =20 - if (stat(*cred, &sb) < 0) { + if (access(*cred, R_OK) < 0) { if (errno =3D=3D ENOENT && !required) { ret =3D 0; } else { --=20 2.51.1 From nobody Sun Nov 16 00:54:52 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1762177342; cv=none; d=zohomail.com; s=zohoarc; b=lqhHkANzLkmRO3G+Zfap7dcE3ycL5D5r25rS1TgTsHUQ5ysQx37jpZJLmeXNv0706WMEvw+noPuuj/Fi4Lp0c6EJjYek0PMG1v8iQHFlvWmgZlTrMnjZyoikGa6SbgxMb8N3GCqsgBGciC+Bxd+2y1BkwkFGq9zJQbcJcnjywtY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1762177342; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=dEzRblGQm+VVhtDMmbAgUFNTONwOkmOo7gP4OwV9Y8s=; b=N5SMDYQ3kD4b/prG6lY2ROxyESqjJ12BA2lzSAuIxLgFw3Dp3xaBVc6XS7UkqMVugm1pfQ18ACRReI+f6NnuIJ85oTkApVNTPy0qviLMcV0/jvaAR3XdjJtjLbXBN1VTrsTAt22npFJro33lcr133KioZZwknHJmgylTFNyv/L0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1762177342959435.1357139716422; Mon, 3 Nov 2025 05:42:22 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vFumZ-0006Nk-1z; Mon, 03 Nov 2025 08:39:39 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFumX-0006Kt-Rs for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:39:37 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFumQ-0004Rl-Hx for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:39:36 -0500 Received: from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-673-IzoTQQQbPhqxYD7mDs7tKg-1; Mon, 03 Nov 2025 08:39:21 -0500 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 358E518002C1; Mon, 3 Nov 2025 13:39:20 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.202]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 1A24D1800578; Mon, 3 Nov 2025 13:39:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1762177164; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=dEzRblGQm+VVhtDMmbAgUFNTONwOkmOo7gP4OwV9Y8s=; b=bfxj7jwYNySwLxe0GDXD0XfPZaL3QzY7HNzpnQ8ZgyINS9w04MNkoLiRREffe8fpQpnqVO DQHF1ll5ZLeQ6u4cP5ymt9NvjPKfw3AheZH3eWwHTemLMEbUT+vcAcmCaeow0X6IugKgfL XzRgI4WaS+ymHUFdqSlO3Yq66w7L4oc= X-MC-Unique: IzoTQQQbPhqxYD7mDs7tKg-1 X-Mimecast-MFC-AGG-ID: IzoTQQQbPhqxYD7mDs7tKg_1762177160 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= , Fabiano Rosas , Paolo Bonzini , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , devel@lists.libvirt.org, Laurent Vivier Subject: [PULL 15/32] crypto: remove redundant access() checks before loading certs Date: Mon, 3 Nov 2025 13:37:09 +0000 Message-ID: <20251103133727.423041-16-berrange@redhat.com> In-Reply-To: <20251103133727.423041-1-berrange@redhat.com> References: <20251103133727.423041-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -16 X-Spam_score: -1.7 X-Spam_bar: - X-Spam_report: (-1.7 / 5.0 requ) BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1762177343588158500 The qcrypto_tls_creds_get_path method will perform an access() check on the file and return a NULL path if it fails. By the time we get to loading the cert files we know they must exist on disk and thus the second access() check is redundant. Reviewed-by: Marc-Andr=C3=A9 Lureau Signed-off-by: Daniel P. Berrang=C3=A9 --- crypto/tlscredsx509.c | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/crypto/tlscredsx509.c b/crypto/tlscredsx509.c index 75c70af522..0acb17b6ec 100644 --- a/crypto/tlscredsx509.c +++ b/crypto/tlscredsx509.c @@ -496,8 +496,7 @@ qcrypto_tls_creds_x509_sanity_check(QCryptoTLSCredsX509= *creds, size_t i; int ret =3D -1; =20 - if (certFile && - access(certFile, R_OK) =3D=3D 0) { + if (certFile) { if (qcrypto_tls_creds_load_cert_list(creds, certFile, &certs, @@ -508,16 +507,15 @@ qcrypto_tls_creds_x509_sanity_check(QCryptoTLSCredsX5= 09 *creds, goto cleanup; } } - if (access(cacertFile, R_OK) =3D=3D 0) { - if (qcrypto_tls_creds_load_cert_list(creds, - cacertFile, - &cacerts, - &ncacerts, - isServer, - true, - errp) < 0) { - goto cleanup; - } + + if (qcrypto_tls_creds_load_cert_list(creds, + cacertFile, + &cacerts, + &ncacerts, + isServer, + true, + errp) < 0) { + goto cleanup; } =20 for (i =3D 0; i < ncerts; i++) { --=20 2.51.1 From nobody Sun Nov 16 00:54:52 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1762177263; cv=none; d=zohomail.com; s=zohoarc; b=cg1SMQrAcSA31KZz9ejfS88YorpDQbkmQDeGEOkAk9gl8tgRccWh9ZCvAaH3t6MGySHHOIyA5+BcCRfAfSxgQ46qtRkOCFuEdr6tdAxJiEkLRXrUBtkkJo++kRI01ZtFM784B5qN+ROQQTYUiJUD1/IAHjshFRwJ0lw2Wx+x9/w= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1762177263; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=yYzFVdyQx4+s885d562tBH7SsovIM/PFFlwJAu1ybxA=; b=LmJzqgiE0LWeZwZbTZ+Ovg8siANzrFm3SRztPLwkazfK6eVs7MP3mwqHkQccDHAbYnUB8mBRQM1KbSQ0ZOpybad3jM99Y8r1SGL2C2MA/nzujGHwGPOt53E3FXTNb1gJpdC0Y4baxufQ51a7yeHCKA9SW8MOBcQV9A/zWSb8itc= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1762177263316327.9726079318225; Mon, 3 Nov 2025 05:41:03 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vFumf-0006XC-B5; Mon, 03 Nov 2025 08:39:46 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFumb-0006RH-2a for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:39:42 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFumT-0004ST-I5 for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:39:40 -0500 Received: from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-391-kUItlQC2OKmMGitaJZNZrQ-1; Mon, 03 Nov 2025 08:39:30 -0500 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 32C9818002EC; Mon, 3 Nov 2025 13:39:29 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.202]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id E70861800451; Mon, 3 Nov 2025 13:39:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1762177171; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=yYzFVdyQx4+s885d562tBH7SsovIM/PFFlwJAu1ybxA=; b=CBm8IbVsoGbRuRTWc3bCM/R9srt+yOKn9XO49TiLhCMxHQC7NPtgIuvw2L70MDU1UFh6S9 FhsOlRGGhgnKxw9wxCrcLUih68J5FPhUMVQXrfDsn6eq3mv1gHxfkAKAnXXR+RqnhXjfyI JRrBAJNixmCOwCKd38bfN2svxYmiKLM= X-MC-Unique: kUItlQC2OKmMGitaJZNZrQ-1 X-Mimecast-MFC-AGG-ID: kUItlQC2OKmMGitaJZNZrQ_1762177169 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= , Fabiano Rosas , Paolo Bonzini , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , devel@lists.libvirt.org, Laurent Vivier Subject: [PULL 16/32] crypto: move check for TLS creds 'dir' property Date: Mon, 3 Nov 2025 13:37:10 +0000 Message-ID: <20251103133727.423041-17-berrange@redhat.com> In-Reply-To: <20251103133727.423041-1-berrange@redhat.com> References: <20251103133727.423041-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -16 X-Spam_score: -1.7 X-Spam_bar: - X-Spam_report: (-1.7 / 5.0 requ) BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1762177264828158500 The check for the 'dir' property is being repeated for every credential file to be loaded, but this results in incorrect logic for optional credentials. The 'dir' property is mandatory for PSK and x509 creds, even if some individual files are optional. Address this by separating the check for the 'dir' property. Reviewed-by: Marc-Andr=C3=A9 Lureau Signed-off-by: Daniel P. Berrang=C3=A9 --- crypto/tlscreds.c | 9 --------- crypto/tlscredsanon.c | 3 ++- crypto/tlscredspsk.c | 5 +++++ crypto/tlscredsx509.c | 8 ++++++-- 4 files changed, 13 insertions(+), 12 deletions(-) diff --git a/crypto/tlscreds.c b/crypto/tlscreds.c index 208a7e6d8f..65e97ddd11 100644 --- a/crypto/tlscreds.c +++ b/crypto/tlscreds.c @@ -102,15 +102,6 @@ qcrypto_tls_creds_get_path(QCryptoTLSCreds *creds, { int ret =3D -1; =20 - if (!creds->dir) { - if (required) { - error_setg(errp, "Missing 'dir' property value"); - return -1; - } else { - return 0; - } - } - *cred =3D g_strdup_printf("%s/%s", creds->dir, filename); =20 if (access(*cred, R_OK) < 0) { diff --git a/crypto/tlscredsanon.c b/crypto/tlscredsanon.c index 44af9e6c9a..bc3351b5d6 100644 --- a/crypto/tlscredsanon.c +++ b/crypto/tlscredsanon.c @@ -43,7 +43,8 @@ qcrypto_tls_creds_anon_load(QCryptoTLSCredsAnon *creds, creds->parent_obj.dir ? creds->parent_obj.dir : ""); =20 if (creds->parent_obj.endpoint =3D=3D QCRYPTO_TLS_CREDS_ENDPOINT_SERVE= R) { - if (qcrypto_tls_creds_get_path(&creds->parent_obj, + if (creds->parent_obj.dir && + qcrypto_tls_creds_get_path(&creds->parent_obj, QCRYPTO_TLS_CREDS_DH_PARAMS, false, &dhparams, errp) < 0) { return -1; diff --git a/crypto/tlscredspsk.c b/crypto/tlscredspsk.c index 5b68a6b7ba..545d3e45db 100644 --- a/crypto/tlscredspsk.c +++ b/crypto/tlscredspsk.c @@ -81,6 +81,11 @@ qcrypto_tls_creds_psk_load(QCryptoTLSCredsPSK *creds, trace_qcrypto_tls_creds_psk_load(creds, creds->parent_obj.dir ? creds->parent_obj.dir : ""); =20 + if (!creds->parent_obj.dir) { + error_setg(errp, "Missing 'dir' property value"); + goto cleanup; + } + if (creds->parent_obj.endpoint =3D=3D QCRYPTO_TLS_CREDS_ENDPOINT_SERVE= R) { if (creds->username) { error_setg(errp, "username should not be set when endpoint=3Ds= erver"); diff --git a/crypto/tlscredsx509.c b/crypto/tlscredsx509.c index 0acb17b6ec..8fe6cc8e93 100644 --- a/crypto/tlscredsx509.c +++ b/crypto/tlscredsx509.c @@ -567,8 +567,12 @@ qcrypto_tls_creds_x509_load(QCryptoTLSCredsX509 *creds, int ret; int rv =3D -1; =20 - trace_qcrypto_tls_creds_x509_load(creds, - creds->parent_obj.dir ? creds->parent_obj.dir : ""); + if (!creds->parent_obj.dir) { + error_setg(errp, "Missing 'dir' property value"); + return -1; + } + + trace_qcrypto_tls_creds_x509_load(creds, creds->parent_obj.dir); =20 if (creds->parent_obj.endpoint =3D=3D QCRYPTO_TLS_CREDS_ENDPOINT_SERVE= R) { if (qcrypto_tls_creds_get_path(&creds->parent_obj, --=20 2.51.1 From nobody Sun Nov 16 00:54:52 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1762177328; cv=none; d=zohomail.com; s=zohoarc; b=lJYh4nX8ssEUk+v96O4ykjWqYzoZbSVmIoOySWe7Gf/LIXnr4nRvoAQi8W+dcfPdmhLnU2gJWuNBcENtZPn/LoqshkkTB6pXqK0DNuovO221+tZduED4AvbmH4taNK80f4vV9lwrX27Yepuq1PCg1odH2w9oNcr8iFGeWz/MDlU= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1762177328; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=g+2AHSD/fhP8MDATc3HkDzZRbF7kdmX3uQ7pOxTFOpI=; b=BZ/Qblai/RB63hOluqjNlZ052ajYWk2A1lbgI8BD8JtwBN3KUSWwoYpM5hMEmeoYMmbC3H8bjE9KKMjmPLsucy61PtdUFPYlTL+fRX4x0fHyrKNMtqGpmN+vZgoY6tHzJMHPWBysUADFdfOSq0IlJjHhuKc3Rh90Nfq9BQa3w6Q= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1762177328617250.4103589709954; Mon, 3 Nov 2025 05:42:08 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vFumv-0006oi-BR; Mon, 03 Nov 2025 08:40:01 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFumt-0006jR-8D for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:39:59 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFumi-0004TX-53 for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:39:56 -0500 Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-217-NijYfoOQOQqlPlV23YSwqw-1; Mon, 03 Nov 2025 08:39:38 -0500 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 571E61800365; Mon, 3 Nov 2025 13:39:37 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.202]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 317AC1800578; Mon, 3 Nov 2025 13:39:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1762177183; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=g+2AHSD/fhP8MDATc3HkDzZRbF7kdmX3uQ7pOxTFOpI=; b=fPbAsS2tlNO2gf6pXmg+A6Nj70M4352wUIYcumbcK9EzvPLJ91w15dlAtpcuqQ5xjxeVnA yKGh+Iky5r3RFBldQJ2yWUJuzSnrJu27ghMNJ6et1dJOO8i16XP96S7ekZjeT7YpI6oX9X nSMMf31lUwjdiUEDc9uUTY6xmmFVSwc= X-MC-Unique: NijYfoOQOQqlPlV23YSwqw-1 X-Mimecast-MFC-AGG-ID: NijYfoOQOQqlPlV23YSwqw_1762177177 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= , Fabiano Rosas , Paolo Bonzini , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , devel@lists.libvirt.org, Laurent Vivier Subject: [PULL 17/32] crypto: use g_autofree when loading x509 credentials Date: Mon, 3 Nov 2025 13:37:11 +0000 Message-ID: <20251103133727.423041-18-berrange@redhat.com> In-Reply-To: <20251103133727.423041-1-berrange@redhat.com> References: <20251103133727.423041-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1762177329723154100 This allows removal of goto jumps during loading of the credentials and will simplify the diff in following commits. Reviewed-by: Marc-Andr=C3=A9 Lureau Reviewed-by: Philippe Mathieu-Daud=C3=A9 Signed-off-by: Daniel P. Berrang=C3=A9 --- crypto/tlscredsx509.c | 38 ++++++++++++++++---------------------- 1 file changed, 16 insertions(+), 22 deletions(-) diff --git a/crypto/tlscredsx509.c b/crypto/tlscredsx509.c index 8fe6cc8e93..6640159a5b 100644 --- a/crypto/tlscredsx509.c +++ b/crypto/tlscredsx509.c @@ -562,10 +562,12 @@ static int qcrypto_tls_creds_x509_load(QCryptoTLSCredsX509 *creds, Error **errp) { - char *cacert =3D NULL, *cacrl =3D NULL, *cert =3D NULL, - *key =3D NULL, *dhparams =3D NULL; + g_autofree char *cacert =3D NULL; + g_autofree char *cacrl =3D NULL; + g_autofree char *cert =3D NULL; + g_autofree char *key =3D NULL; + g_autofree char *dhparams =3D NULL; int ret; - int rv =3D -1; =20 if (!creds->parent_obj.dir) { error_setg(errp, "Missing 'dir' property value"); @@ -590,7 +592,7 @@ qcrypto_tls_creds_x509_load(QCryptoTLSCredsX509 *creds, qcrypto_tls_creds_get_path(&creds->parent_obj, QCRYPTO_TLS_CREDS_DH_PARAMS, false, &dhparams, errp) < 0) { - goto cleanup; + return -1; } } else { if (qcrypto_tls_creds_get_path(&creds->parent_obj, @@ -602,7 +604,7 @@ qcrypto_tls_creds_x509_load(QCryptoTLSCredsX509 *creds, qcrypto_tls_creds_get_path(&creds->parent_obj, QCRYPTO_TLS_CREDS_X509_CLIENT_KEY, false, &key, errp) < 0) { - goto cleanup; + return -1; } } =20 @@ -610,14 +612,14 @@ qcrypto_tls_creds_x509_load(QCryptoTLSCredsX509 *cred= s, qcrypto_tls_creds_x509_sanity_check(creds, creds->parent_obj.endpoint =3D=3D QCRYPTO_TLS_CREDS_ENDPOINT_S= ERVER, cacert, cert, errp) < 0) { - goto cleanup; + return -1; } =20 ret =3D gnutls_certificate_allocate_credentials(&creds->data); if (ret < 0) { error_setg(errp, "Cannot allocate credentials: '%s'", gnutls_strerror(ret)); - goto cleanup; + return -1; } =20 ret =3D gnutls_certificate_set_x509_trust_file(creds->data, @@ -626,16 +628,16 @@ qcrypto_tls_creds_x509_load(QCryptoTLSCredsX509 *cred= s, if (ret < 0) { error_setg(errp, "Cannot load CA certificate '%s': %s", cacert, gnutls_strerror(ret)); - goto cleanup; + return -1; } =20 if (cert !=3D NULL && key !=3D NULL) { - char *password =3D NULL; + g_autofree char *password =3D NULL; if (creds->passwordid) { password =3D qcrypto_secret_lookup_as_utf8(creds->passwordid, errp); if (!password) { - goto cleanup; + return -1; } } ret =3D gnutls_certificate_set_x509_key_file2(creds->data, @@ -643,11 +645,10 @@ qcrypto_tls_creds_x509_load(QCryptoTLSCredsX509 *cred= s, GNUTLS_X509_FMT_PEM, password, 0); - g_free(password); if (ret < 0) { error_setg(errp, "Cannot load certificate '%s' & key '%s': %s", cert, key, gnutls_strerror(ret)); - goto cleanup; + return -1; } } =20 @@ -658,7 +659,7 @@ qcrypto_tls_creds_x509_load(QCryptoTLSCredsX509 *creds, if (ret < 0) { error_setg(errp, "Cannot load CRL '%s': %s", cacrl, gnutls_strerror(ret)); - goto cleanup; + return -1; } } =20 @@ -666,20 +667,13 @@ qcrypto_tls_creds_x509_load(QCryptoTLSCredsX509 *cred= s, if (qcrypto_tls_creds_get_dh_params_file(&creds->parent_obj, dhpar= ams, &creds->parent_obj.dh_par= ams, errp) < 0) { - goto cleanup; + return -1; } gnutls_certificate_set_dh_params(creds->data, creds->parent_obj.dh_params); } =20 - rv =3D 0; - cleanup: - g_free(cacert); - g_free(cacrl); - g_free(cert); - g_free(key); - g_free(dhparams); - return rv; + return 0; } =20 =20 --=20 2.51.1 From nobody Sun Nov 16 00:54:52 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1762177570; cv=none; d=zohomail.com; s=zohoarc; b=b7S/kQNctUaPWJdWVnQgJ2qpVXYc7riMhj5wmJFr6WSmgMY6SDCbCEM+2OFbJj4bGYap4cr7+ALCV6EJ15XrDCH6ysN75No4qicsRBjGoYZ6MM3NKOzWWR+WPSOSKfAJMQ5Sfgb58D/3X4ctfpK8LvsvxfXWULr2hWC1yTJ2whE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1762177570; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=Rz0597T752t+EXC6+m+BZLgrp1S0OV3VZJw3WlRBiy8=; b=e/CL8BWOoeR4refoKV3ZpORgfBSl0Sv0DTkc2Ms3x11FcqwHGa1Qrmq6Myuw76N4qPIPWMjyIFF/kvVXab4ymo8nh+yxxlZ9xmUhrGH/iMML5O5LygPscGRcdwTRtwnK/LE1SNsVUt9GAQHQFkMxlqX1k/HnvfwPIJB3u+/g5Lc= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1762177570766147.85991040043962; Mon, 3 Nov 2025 05:46:10 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vFun0-0006zU-Pz; Mon, 03 Nov 2025 08:40:06 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFumx-0006td-Mm for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:40:03 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFuml-0004Tl-Au for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:40:02 -0500 Received: from mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-551-djeEitKkP4eE2YVJeVbK4A-1; Mon, 03 Nov 2025 08:39:46 -0500 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id CC51A1956096; Mon, 3 Nov 2025 13:39:44 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.202]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id F327C1800576; Mon, 3 Nov 2025 13:39:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1762177189; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Rz0597T752t+EXC6+m+BZLgrp1S0OV3VZJw3WlRBiy8=; b=FqoZb7vpjs+h7a84KuKoFhtNF1tXtMzNiwUcCxh4mLWl67zoVehA4SzfycdnD+8lcNATcl BKve8b1Un7MbrQXN8O72sdTi9yReeUz8w15eCQVJgsJCvPMbFSFGxVPC4PkZc3TjHBD/m3 SVC81WucbXj7oWJaEcLByzmni3vrL8M= X-MC-Unique: djeEitKkP4eE2YVJeVbK4A-1 X-Mimecast-MFC-AGG-ID: djeEitKkP4eE2YVJeVbK4A_1762177184 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= , Fabiano Rosas , Paolo Bonzini , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , devel@lists.libvirt.org, Laurent Vivier Subject: [PULL 18/32] crypto: remove needless indirection via parent_obj field Date: Mon, 3 Nov 2025 13:37:12 +0000 Message-ID: <20251103133727.423041-19-berrange@redhat.com> In-Reply-To: <20251103133727.423041-1-berrange@redhat.com> References: <20251103133727.423041-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1762177573120154100 The reload method already has a pointer to the parent object in the 'creds' parameter that is passed in, so indirect access via the subclass 'parent_obj' field is redundant. Reviewed-by: Marc-Andr=C3=A9 Lureau Reviewed-by: Philippe Mathieu-Daud=C3=A9 Signed-off-by: Daniel P. Berrang=C3=A9 --- crypto/tlscredsx509.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto/tlscredsx509.c b/crypto/tlscredsx509.c index 6640159a5b..2519f7690b 100644 --- a/crypto/tlscredsx509.c +++ b/crypto/tlscredsx509.c @@ -772,15 +772,15 @@ qcrypto_tls_creds_x509_reload(QCryptoTLSCreds *creds,= Error **errp) QCryptoTLSCredsX509 *x509_creds =3D QCRYPTO_TLS_CREDS_X509(creds); Error *local_err =3D NULL; gnutls_certificate_credentials_t creds_data =3D x509_creds->data; - gnutls_dh_params_t creds_dh_params =3D x509_creds->parent_obj.dh_param= s; + gnutls_dh_params_t creds_dh_params =3D creds->dh_params; =20 x509_creds->data =3D NULL; - x509_creds->parent_obj.dh_params =3D NULL; + creds->dh_params =3D NULL; qcrypto_tls_creds_x509_load(x509_creds, &local_err); if (local_err) { qcrypto_tls_creds_x509_unload(x509_creds); x509_creds->data =3D creds_data; - x509_creds->parent_obj.dh_params =3D creds_dh_params; + creds->dh_params =3D creds_dh_params; error_propagate(errp, local_err); return false; } --=20 2.51.1 From nobody Sun Nov 16 00:54:52 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1762177333; cv=none; d=zohomail.com; s=zohoarc; b=B87vAS2lW/aOaO+EX6KwgW5vPk1CIZzUBFhBi+VPLIIrzZmIlFw8DZWMJZmInoUPQo8f2mVPU0XY68eJb+JtlBfdwZngcJDnsg3WiPq6DCEz8niW9RIFed9kRo+G+cDGaLpIbJYsPQh5M+z2aZLUXBO02rfoAMPTSRaz/kLv0ZE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1762177333; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=KOG9+uSSP3D6aRKkj7S89tRtR/PRX4gBaIrL1DiPN3U=; b=BmZGlAQp0SjrdK42hfzH5oZ6cINCF66bSSRodyJTe7P1B5f1g11uQBXuWWw+djMaY27rtBM7Xme5WPWx0N4ho/gr/j6WAy0DTAb2gNlKvnfA4i5dmQtNy7sI16Px5wAWwBH4yTkda2qr51JH9De8SxCpnjc8a1+BmuhNePthIOk= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1762177333130664.7107120510316; Mon, 3 Nov 2025 05:42:13 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vFunJ-0007TJ-2u; Mon, 03 Nov 2025 08:40:27 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFun7-0007Jw-8w for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:40:14 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFumz-0004UF-00 for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:40:12 -0500 Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-609-sMoytPLCOOiFzwsZBbmVzA-1; Mon, 03 Nov 2025 08:39:54 -0500 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 868C21800673; Mon, 3 Nov 2025 13:39:53 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.202]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 77B391800576; Mon, 3 Nov 2025 13:39:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1762177197; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=KOG9+uSSP3D6aRKkj7S89tRtR/PRX4gBaIrL1DiPN3U=; b=KFbbIF6Ylpes4d2DLD4jFeHHCgDGa5VkEdJkjzlubiQNAxxW3rOxFSlPLryEL6mTQkklGQ hXgPE6Dp9wW6IQgVy8b0wavBmZKJIyNHLQDSLdTJ47CXiM4Cg3vh31SVg2W17yxKU0/AH7 30QU2apdsNL8vUONgoU1sLp+ZaNwVBE= X-MC-Unique: sMoytPLCOOiFzwsZBbmVzA-1 X-Mimecast-MFC-AGG-ID: sMoytPLCOOiFzwsZBbmVzA_1762177193 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= , Fabiano Rosas , Paolo Bonzini , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , devel@lists.libvirt.org, Laurent Vivier Subject: [PULL 19/32] crypto: move release of DH parameters into TLS creds parent Date: Mon, 3 Nov 2025 13:37:13 +0000 Message-ID: <20251103133727.423041-20-berrange@redhat.com> In-Reply-To: <20251103133727.423041-1-berrange@redhat.com> References: <20251103133727.423041-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_PASS=-0.001, T_SPF_HELO_TEMPERROR=0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1762177337508158500 The code for releasing DH parameters is common to all credential subclasses, and the unload function is only called from the finalizers, except for x509 reload, so can be moved into the parent with a little update of the reload method. Reviewed-by: Marc-Andr=C3=A9 Lureau Signed-off-by: Daniel P. Berrang=C3=A9 --- crypto/tlscreds.c | 6 ++++++ crypto/tlscredsanon.c | 4 ---- crypto/tlscredspsk.c | 4 ---- crypto/tlscredsx509.c | 7 +++---- 4 files changed, 9 insertions(+), 12 deletions(-) diff --git a/crypto/tlscreds.c b/crypto/tlscreds.c index 65e97ddd11..a9e0caf864 100644 --- a/crypto/tlscreds.c +++ b/crypto/tlscreds.c @@ -246,6 +246,12 @@ qcrypto_tls_creds_finalize(Object *obj) { QCryptoTLSCreds *creds =3D QCRYPTO_TLS_CREDS(obj); =20 +#ifdef CONFIG_GNUTLS + if (creds->dh_params) { + gnutls_dh_params_deinit(creds->dh_params); + } +#endif + g_free(creds->dir); g_free(creds->priority); } diff --git a/crypto/tlscredsanon.c b/crypto/tlscredsanon.c index bc3351b5d6..1ddfe4eb31 100644 --- a/crypto/tlscredsanon.c +++ b/crypto/tlscredsanon.c @@ -92,10 +92,6 @@ qcrypto_tls_creds_anon_unload(QCryptoTLSCredsAnon *creds) creds->data.server =3D NULL; } } - if (creds->parent_obj.dh_params) { - gnutls_dh_params_deinit(creds->parent_obj.dh_params); - creds->parent_obj.dh_params =3D NULL; - } } =20 #else /* ! CONFIG_GNUTLS */ diff --git a/crypto/tlscredspsk.c b/crypto/tlscredspsk.c index 545d3e45db..bf4efe2114 100644 --- a/crypto/tlscredspsk.c +++ b/crypto/tlscredspsk.c @@ -175,10 +175,6 @@ qcrypto_tls_creds_psk_unload(QCryptoTLSCredsPSK *creds) creds->data.server =3D NULL; } } - if (creds->parent_obj.dh_params) { - gnutls_dh_params_deinit(creds->parent_obj.dh_params); - creds->parent_obj.dh_params =3D NULL; - } } =20 #else /* ! CONFIG_GNUTLS */ diff --git a/crypto/tlscredsx509.c b/crypto/tlscredsx509.c index 2519f7690b..d93905ec77 100644 --- a/crypto/tlscredsx509.c +++ b/crypto/tlscredsx509.c @@ -684,10 +684,6 @@ qcrypto_tls_creds_x509_unload(QCryptoTLSCredsX509 *cre= ds) gnutls_certificate_free_credentials(creds->data); creds->data =3D NULL; } - if (creds->parent_obj.dh_params) { - gnutls_dh_params_deinit(creds->parent_obj.dh_params); - creds->parent_obj.dh_params =3D NULL; - } } =20 =20 @@ -779,6 +775,9 @@ qcrypto_tls_creds_x509_reload(QCryptoTLSCreds *creds, E= rror **errp) qcrypto_tls_creds_x509_load(x509_creds, &local_err); if (local_err) { qcrypto_tls_creds_x509_unload(x509_creds); + if (creds->dh_params) { + gnutls_dh_params_deinit(creds->dh_params); + } x509_creds->data =3D creds_data; creds->dh_params =3D creds_dh_params; error_propagate(errp, local_err); --=20 2.51.1 From nobody Sun Nov 16 00:54:52 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1762177502; cv=none; d=zohomail.com; s=zohoarc; b=lykc/1t35W4VR18Wx7shOAwiPMLOpXsHjKbVT0/T8gO7U3ePQoyrWRcOxLmFLmRkNT/9ARO0zxj+5iMMqiG4f3FPJP/7I540OtjcPnBxvDNPWib4xxcWPvSp6b1yqlILu83APv6zsZcSUEmCBDFdJyT/jo0q4A7VXq2WnLcxcmg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1762177502; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=kwX1Thnjdt/JXukp6bxeGadQ7qKel6NbmeI6Gtvbu4U=; b=cPD+LvRr7UP3FgHYO41nBbrgbncy3FqwX35z+arB+Xw0LCrFNbX/2RTWc5S+tF5u3XkZa8gAEkyUEN4dVq3l/q+fi/eRwBBVY2NYiZ2em4cjaW/HLyCcTZijzMBb1rZJIT3zL2EuG/lxeb5f2Gl31oHpjgdBTAP6h1UzaP0wezo= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1762177502816328.2358254048527; Mon, 3 Nov 2025 05:45:02 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vFunN-0007rw-Mg; Mon, 03 Nov 2025 08:40:30 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFunG-0007Tl-EF for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:40:24 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFun8-0004h6-Uw for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:40:21 -0500 Received: from mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-488-3A6rQ2cWNNmNjVNhoI8QnA-1; Mon, 03 Nov 2025 08:40:03 -0500 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 4FAEE19560B0; Mon, 3 Nov 2025 13:40:02 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.202]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 2E5811800451; Mon, 3 Nov 2025 13:39:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1762177206; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=kwX1Thnjdt/JXukp6bxeGadQ7qKel6NbmeI6Gtvbu4U=; b=DbvoDI5w5fk8rz/Dbq1zMVOPFHw3MKdTn5+WytzbNzdmwLZ9e+Bn7DuD7PHwz/olu3FED/ 02MFHVVCNB4c5MGZWFRefA5PkqwrNa39NdInGgcJheb9K0MvKCPnekSuXVDZBM/AJQ8V/D bQ/ko6wiC/+K/BOcjQgTxm3m+aObZmo= X-MC-Unique: 3A6rQ2cWNNmNjVNhoI8QnA-1 X-Mimecast-MFC-AGG-ID: 3A6rQ2cWNNmNjVNhoI8QnA_1762177202 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= , Fabiano Rosas , Paolo Bonzini , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , devel@lists.libvirt.org, Laurent Vivier Subject: [PULL 20/32] crypto: shorten the endpoint == server check in TLS creds Date: Mon, 3 Nov 2025 13:37:14 +0000 Message-ID: <20251103133727.423041-21-berrange@redhat.com> In-Reply-To: <20251103133727.423041-1-berrange@redhat.com> References: <20251103133727.423041-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1762177504672154100 This eliminates a number of long lines aiding readability. Reviewed-by: Marc-Andr=C3=A9 Lureau Signed-off-by: Daniel P. Berrang=C3=A9 --- crypto/tlscredsx509.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/crypto/tlscredsx509.c b/crypto/tlscredsx509.c index d93905ec77..7271b549ee 100644 --- a/crypto/tlscredsx509.c +++ b/crypto/tlscredsx509.c @@ -567,6 +567,8 @@ qcrypto_tls_creds_x509_load(QCryptoTLSCredsX509 *creds, g_autofree char *cert =3D NULL; g_autofree char *key =3D NULL; g_autofree char *dhparams =3D NULL; + bool isServer =3D (creds->parent_obj.endpoint =3D=3D + QCRYPTO_TLS_CREDS_ENDPOINT_SERVER); int ret; =20 if (!creds->parent_obj.dir) { @@ -576,7 +578,7 @@ qcrypto_tls_creds_x509_load(QCryptoTLSCredsX509 *creds, =20 trace_qcrypto_tls_creds_x509_load(creds, creds->parent_obj.dir); =20 - if (creds->parent_obj.endpoint =3D=3D QCRYPTO_TLS_CREDS_ENDPOINT_SERVE= R) { + if (isServer) { if (qcrypto_tls_creds_get_path(&creds->parent_obj, QCRYPTO_TLS_CREDS_X509_CA_CERT, true, &cacert, errp) < 0 || @@ -609,9 +611,8 @@ qcrypto_tls_creds_x509_load(QCryptoTLSCredsX509 *creds, } =20 if (creds->sanityCheck && - qcrypto_tls_creds_x509_sanity_check(creds, - creds->parent_obj.endpoint =3D=3D QCRYPTO_TLS_CREDS_ENDPOINT_S= ERVER, - cacert, cert, errp) < 0) { + qcrypto_tls_creds_x509_sanity_check(creds, isServer, + cacert, cert, errp) < 0) { return -1; } =20 @@ -663,7 +664,7 @@ qcrypto_tls_creds_x509_load(QCryptoTLSCredsX509 *creds, } } =20 - if (creds->parent_obj.endpoint =3D=3D QCRYPTO_TLS_CREDS_ENDPOINT_SERVE= R) { + if (isServer) { if (qcrypto_tls_creds_get_dh_params_file(&creds->parent_obj, dhpar= ams, &creds->parent_obj.dh_par= ams, errp) < 0) { --=20 2.51.1 From nobody Sun Nov 16 00:54:52 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1762177298; cv=none; d=zohomail.com; s=zohoarc; b=n8JAr/M7/MlpWI6JVRvyll/dBxBbRpSuuf1v4YjXFEBAcha9G7q0a8asS/jnOV/8cAZNRZ+9kTedWKkmXyAm0k32cUlBSvuN71gsRjo0jJIF2XhZuTUKJYHjWtz0SYYKovT/f+VeKlDymHGYkHIlhWRQg3Rr0vvcp9ZGX4EGrOc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1762177298; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=rTlWvRlpjhFgECUSKuOQQ2Yav1P9oR6xsX9WtCUV42U=; b=Suw6HFgMKd9YtbeB8qGNvHgA2vIeOyh3zhpWZxKH1URe1R1SaL+dTJp9Ha/rKFf58qckZVOEHDGCrhk2qcudF2MJi3K6Bhn7PS45hoTcCPUOnICOUoWHKKV8+LB4202aXRUSehIaSqtZCEx5PFaUvAWrKgeQKW1JpQn8hwMv/DU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1762177298637120.93361046550103; Mon, 3 Nov 2025 05:41:38 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vFunK-0007jz-Vx; Mon, 03 Nov 2025 08:40:27 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFunG-0007Tm-EG for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:40:24 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFun9-0004hN-MP for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:40:21 -0500 Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-410-gJ6yUmpEOm2aiTAIY8m6pg-1; Mon, 03 Nov 2025 08:40:09 -0500 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id CE3F618001D1; Mon, 3 Nov 2025 13:40:07 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.202]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id ECED41800451; Mon, 3 Nov 2025 13:40:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1762177212; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=rTlWvRlpjhFgECUSKuOQQ2Yav1P9oR6xsX9WtCUV42U=; b=P5XATUrM4OHd7VALPDh6N+TXNOmcXN665YIItOBY0HiFD8gJDTbQZsiUmDSlq3suYKfNL9 domCOzeljjhmrMvFrTTK3ATLWWmArGINJSys5lZUCxewLiLJ8KLZ8VCKvA3Ng0qctoxiiE teryMmB+AWnTE5R3jmIeZ40atUhyhuQ= X-MC-Unique: gJ6yUmpEOm2aiTAIY8m6pg-1 X-Mimecast-MFC-AGG-ID: gJ6yUmpEOm2aiTAIY8m6pg_1762177207 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= , Fabiano Rosas , Paolo Bonzini , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , devel@lists.libvirt.org, Laurent Vivier Subject: [PULL 21/32] crypto: remove duplication loading x509 CA cert Date: Mon, 3 Nov 2025 13:37:15 +0000 Message-ID: <20251103133727.423041-22-berrange@redhat.com> In-Reply-To: <20251103133727.423041-1-berrange@redhat.com> References: <20251103133727.423041-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1762177305209158500 The CA cert is mandatory in both client and server scenarios. Reviewed-by: Marc-Andr=C3=A9 Lureau Signed-off-by: Daniel P. Berrang=C3=A9 --- crypto/tlscredsx509.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/crypto/tlscredsx509.c b/crypto/tlscredsx509.c index 7271b549ee..dd28faf872 100644 --- a/crypto/tlscredsx509.c +++ b/crypto/tlscredsx509.c @@ -578,11 +578,14 @@ qcrypto_tls_creds_x509_load(QCryptoTLSCredsX509 *cred= s, =20 trace_qcrypto_tls_creds_x509_load(creds, creds->parent_obj.dir); =20 + if (qcrypto_tls_creds_get_path(&creds->parent_obj, + QCRYPTO_TLS_CREDS_X509_CA_CERT, + true, &cacert, errp) < 0) { + return -1; + } + if (isServer) { if (qcrypto_tls_creds_get_path(&creds->parent_obj, - QCRYPTO_TLS_CREDS_X509_CA_CERT, - true, &cacert, errp) < 0 || - qcrypto_tls_creds_get_path(&creds->parent_obj, QCRYPTO_TLS_CREDS_X509_CA_CRL, false, &cacrl, errp) < 0 || qcrypto_tls_creds_get_path(&creds->parent_obj, @@ -598,9 +601,6 @@ qcrypto_tls_creds_x509_load(QCryptoTLSCredsX509 *creds, } } else { if (qcrypto_tls_creds_get_path(&creds->parent_obj, - QCRYPTO_TLS_CREDS_X509_CA_CERT, - true, &cacert, errp) < 0 || - qcrypto_tls_creds_get_path(&creds->parent_obj, QCRYPTO_TLS_CREDS_X509_CLIENT_CERT, false, &cert, errp) < 0 || qcrypto_tls_creds_get_path(&creds->parent_obj, --=20 2.51.1 From nobody Sun Nov 16 00:54:52 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1762177529; cv=none; d=zohomail.com; s=zohoarc; b=GFFfbb4oY8211CsrqWKdkz40O7SwRjpV67zaLdMo1ouDoeIsrBTWDxaZtSazDnJNR2QRn1t9kncYLAw5LCmEKsmmN3+NwhFZ47y/xE2YkqOGHAOyoTKueYC8553IId3X3U2qCg/rM/Kwcfqyj1RIfE0+QMk0OM7Wvx2RoatEwOA= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1762177529; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=uxplcqBeO5TK/O1vG96dCc9o/MZOP5qDpwqGEsIrzlI=; b=moKKXNpN3+PkoicmElSgvvXd3XrYJJV+e/D0Uh2OMUwF7iDtyyhi4Wzu2IJxxUp+d5whSFaiduiiTcfQCFjeITcGQViUkDRwG4EoNUlRx5j7xE11pydkQ+l8qx9zvISCiSWJFxmWO1rG7Sc5bhSDmwnnU0i/DBuKHDIDitdi/dc= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1762177529548467.7834967509717; Mon, 3 Nov 2025 05:45:29 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vFunV-0008OZ-KE; Mon, 03 Nov 2025 08:40:38 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFunO-00084c-Qy for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:40:32 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFunD-0004hr-FW for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:40:29 -0500 Received: from mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-364-agtK9y-NMy2fz7rub9LaJg-1; Mon, 03 Nov 2025 08:40:15 -0500 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id D886A1953953; Mon, 3 Nov 2025 13:40:13 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.202]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 3168B1800576; Mon, 3 Nov 2025 13:40:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1762177217; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=uxplcqBeO5TK/O1vG96dCc9o/MZOP5qDpwqGEsIrzlI=; b=Zj50rHHrvnvi0QHXXQNg/iaxE2aAxaQ3Vm7YeVNH3Reu0slrm41oAXwYZ9WTkWG1t88EC6 5dqjvcfBM6I5245bKh85e0FojS2s0txxfgjAn0nU54UvBJ+Fy76eONMqucVWqPNJDhFTDW faxZgftNNno8tItGmlZGMpti6W8smBM= X-MC-Unique: agtK9y-NMy2fz7rub9LaJg-1 X-Mimecast-MFC-AGG-ID: agtK9y-NMy2fz7rub9LaJg_1762177214 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= , Fabiano Rosas , Paolo Bonzini , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , devel@lists.libvirt.org, Laurent Vivier Subject: [PULL 22/32] crypto: reduce duplication in handling TLS priority strings Date: Mon, 3 Nov 2025 13:37:16 +0000 Message-ID: <20251103133727.423041-23-berrange@redhat.com> In-Reply-To: <20251103133727.423041-1-berrange@redhat.com> References: <20251103133727.423041-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1762177530929154100 The logic for setting the TLS priority string on a session object has a significant amount of logic duplication across the different credential types. By recording the extra priority string suffix against the credential class, we can introduce a common method for building the priority string. The TLS session can now set the priority string without caring about the credential type. Reviewed-by: Marc-Andr=C3=A9 Lureau Signed-off-by: Daniel P. Berrang=C3=A9 --- crypto/tlscreds.c | 15 ++++++++++ crypto/tlscredsanon.c | 2 ++ crypto/tlscredspsk.c | 2 ++ crypto/tlssession.c | 60 ++++++--------------------------------- include/crypto/tlscreds.h | 13 +++++++++ 5 files changed, 41 insertions(+), 51 deletions(-) diff --git a/crypto/tlscreds.c b/crypto/tlscreds.c index a9e0caf864..c302b3cd72 100644 --- a/crypto/tlscreds.c +++ b/crypto/tlscreds.c @@ -268,6 +268,21 @@ bool qcrypto_tls_creds_check_endpoint(QCryptoTLSCreds = *creds, return true; } =20 + +char *qcrypto_tls_creds_get_priority(QCryptoTLSCreds *creds) +{ + QCryptoTLSCredsClass *tcc =3D QCRYPTO_TLS_CREDS_GET_CLASS(creds); + const char *priorityBase =3D + creds->priority ? creds->priority : CONFIG_TLS_PRIORITY; + + if (tcc->prioritySuffix) { + return g_strdup_printf("%s:%s", priorityBase, tcc->prioritySuffix); + } else { + return g_strdup(priorityBase); + } +} + + static const TypeInfo qcrypto_tls_creds_info =3D { .parent =3D TYPE_OBJECT, .name =3D TYPE_QCRYPTO_TLS_CREDS, diff --git a/crypto/tlscredsanon.c b/crypto/tlscredsanon.c index 1ddfe4eb31..5c55b07b2f 100644 --- a/crypto/tlscredsanon.c +++ b/crypto/tlscredsanon.c @@ -137,8 +137,10 @@ static void qcrypto_tls_creds_anon_class_init(ObjectClass *oc, const void *data) { UserCreatableClass *ucc =3D USER_CREATABLE_CLASS(oc); + QCryptoTLSCredsClass *tcc =3D QCRYPTO_TLS_CREDS_CLASS(oc); =20 ucc->complete =3D qcrypto_tls_creds_anon_complete; + tcc->prioritySuffix =3D "+ANON-DH"; } =20 =20 diff --git a/crypto/tlscredspsk.c b/crypto/tlscredspsk.c index bf4efe2114..6c2feae077 100644 --- a/crypto/tlscredspsk.c +++ b/crypto/tlscredspsk.c @@ -240,8 +240,10 @@ static void qcrypto_tls_creds_psk_class_init(ObjectClass *oc, const void *data) { UserCreatableClass *ucc =3D USER_CREATABLE_CLASS(oc); + QCryptoTLSCredsClass *tcc =3D QCRYPTO_TLS_CREDS_CLASS(oc); =20 ucc->complete =3D qcrypto_tls_creds_psk_complete; + tcc->prioritySuffix =3D "+ECDHE-PSK:+DHE-PSK:+PSK"; =20 object_class_property_add_str(oc, "username", qcrypto_tls_creds_psk_prop_get_username, diff --git a/crypto/tlssession.c b/crypto/tlssession.c index 92fe4f0380..77f334add3 100644 --- a/crypto/tlssession.c +++ b/crypto/tlssession.c @@ -155,9 +155,6 @@ qcrypto_tls_session_pull(void *opaque, void *buf, size_= t len) } } =20 -#define TLS_PRIORITY_ADDITIONAL_ANON "+ANON-DH" -#define TLS_PRIORITY_ADDITIONAL_PSK "+ECDHE-PSK:+DHE-PSK:+PSK" - QCryptoTLSSession * qcrypto_tls_session_new(QCryptoTLSCreds *creds, const char *hostname, @@ -167,6 +164,7 @@ qcrypto_tls_session_new(QCryptoTLSCreds *creds, { QCryptoTLSSession *session; int ret; + g_autofree char *prio =3D NULL; =20 session =3D g_new0(QCryptoTLSSession, 1); trace_qcrypto_tls_session_new( @@ -200,28 +198,17 @@ qcrypto_tls_session_new(QCryptoTLSCreds *creds, goto error; } =20 + prio =3D qcrypto_tls_creds_get_priority(creds); + ret =3D gnutls_priority_set_direct(session->handle, prio, NULL); + if (ret < 0) { + error_setg(errp, "Unable to set TLS session priority %s: %s", + prio, gnutls_strerror(ret)); + goto error; + } + if (object_dynamic_cast(OBJECT(creds), TYPE_QCRYPTO_TLS_CREDS_ANON)) { QCryptoTLSCredsAnon *acreds =3D QCRYPTO_TLS_CREDS_ANON(creds); - char *prio; - - if (creds->priority !=3D NULL) { - prio =3D g_strdup_printf("%s:%s", - creds->priority, - TLS_PRIORITY_ADDITIONAL_ANON); - } else { - prio =3D g_strdup(CONFIG_TLS_PRIORITY ":" - TLS_PRIORITY_ADDITIONAL_ANON); - } - - ret =3D gnutls_priority_set_direct(session->handle, prio, NULL); - if (ret < 0) { - error_setg(errp, "Unable to set TLS session priority %s: %s", - prio, gnutls_strerror(ret)); - g_free(prio); - goto error; - } - g_free(prio); if (creds->endpoint =3D=3D QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) { ret =3D gnutls_credentials_set(session->handle, GNUTLS_CRD_ANON, @@ -239,25 +226,6 @@ qcrypto_tls_session_new(QCryptoTLSCreds *creds, } else if (object_dynamic_cast(OBJECT(creds), TYPE_QCRYPTO_TLS_CREDS_PSK)) { QCryptoTLSCredsPSK *pcreds =3D QCRYPTO_TLS_CREDS_PSK(creds); - char *prio; - - if (creds->priority !=3D NULL) { - prio =3D g_strdup_printf("%s:%s", - creds->priority, - TLS_PRIORITY_ADDITIONAL_PSK); - } else { - prio =3D g_strdup(CONFIG_TLS_PRIORITY ":" - TLS_PRIORITY_ADDITIONAL_PSK); - } - - ret =3D gnutls_priority_set_direct(session->handle, prio, NULL); - if (ret < 0) { - error_setg(errp, "Unable to set TLS session priority %s: %s", - prio, gnutls_strerror(ret)); - g_free(prio); - goto error; - } - g_free(prio); if (creds->endpoint =3D=3D QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) { ret =3D gnutls_credentials_set(session->handle, GNUTLS_CRD_PSK, @@ -275,17 +243,7 @@ qcrypto_tls_session_new(QCryptoTLSCreds *creds, } else if (object_dynamic_cast(OBJECT(creds), TYPE_QCRYPTO_TLS_CREDS_X509)) { QCryptoTLSCredsX509 *tcreds =3D QCRYPTO_TLS_CREDS_X509(creds); - const char *prio =3D creds->priority; - if (!prio) { - prio =3D CONFIG_TLS_PRIORITY; - } =20 - ret =3D gnutls_priority_set_direct(session->handle, prio, NULL); - if (ret < 0) { - error_setg(errp, "Cannot set default TLS session priority %s: = %s", - prio, gnutls_strerror(ret)); - goto error; - } ret =3D gnutls_credentials_set(session->handle, GNUTLS_CRD_CERTIFICATE, tcreds->data); diff --git a/include/crypto/tlscreds.h b/include/crypto/tlscreds.h index 2a8a857010..afd1016088 100644 --- a/include/crypto/tlscreds.h +++ b/include/crypto/tlscreds.h @@ -47,6 +47,7 @@ typedef bool (*CryptoTLSCredsReload)(QCryptoTLSCreds *, E= rror **); struct QCryptoTLSCredsClass { ObjectClass parent_class; CryptoTLSCredsReload reload; + const char *prioritySuffix; }; =20 /** @@ -64,4 +65,16 @@ bool qcrypto_tls_creds_check_endpoint(QCryptoTLSCreds *c= reds, QCryptoTLSCredsEndpoint endpoint, Error **errp); =20 + +/** + * qcrypto_tls_creds_get_priority: + * @creds: pointer to a TLS credentials object + * + * Get the TLS credentials priority string. The caller + * must free the returned string when no longer required. + * + * Returns: a non-NULL priority string + */ +char *qcrypto_tls_creds_get_priority(QCryptoTLSCreds *creds); + #endif /* QCRYPTO_TLSCREDS_H */ --=20 2.51.1 From nobody Sun Nov 16 00:54:52 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1762177441; cv=none; d=zohomail.com; s=zohoarc; b=UJNDfdYJPSDo08IYYYxmDz1t0uDn31OMXyK/zC5ubZ2dmUSG3o1hmj5Ty7YHzHjtgKomF+nRUDq9q6r/7Os1mPPd5LTCEPPW0/9vwi/ZWIjEfmhP6yHRhRGzPVJy3I759ZG/4KlFR6E5rjOPxmtapNtBFRxFs+Z01gkfdyIJXzs= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1762177441; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=aZOsUq436Ugr8X1RKjdBYkhL68FnICgV1ZP0VKPzx30=; b=UW84MjjQ0veavRRkoClUp+i40gptFqIu0k+GIYbpBcvNES+ZAzi+hNulJ91B8D7UlBGoZK04fmNUw1RBg9W3+Z1IBp5PB6o4WuV4qIKkWx9j4Jfv7BPq+iCqg8qp/77tXo/J8el4xGsg9yLg4lIuvVtcDGmDb4kPYyK0MeU6VQc= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1762177441359879.878850621136; Mon, 3 Nov 2025 05:44:01 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vFunf-0000MP-JD; Mon, 03 Nov 2025 08:40:47 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFunX-0008Va-4X for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:40:40 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFunN-0004iY-Fb for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:40:37 -0500 Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-664-UszjXLJkP0KyWWbuE3d85Q-1; Mon, 03 Nov 2025 08:40:21 -0500 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id E58B7180899E; Mon, 3 Nov 2025 13:40:18 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.202]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 7295C1800581; Mon, 3 Nov 2025 13:40:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1762177222; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=aZOsUq436Ugr8X1RKjdBYkhL68FnICgV1ZP0VKPzx30=; b=WbUIZwZuVhREPalIpmMhJM+GajnU0IN9fUO7qjCJblIpWbTAF0Y6BotnbVJrue3F60YBqk JlH3rADLWHnHNBDcCVDO9kWUZRHnnOyrbcWDt0XoydKH8EDOrNAa7hEQhYvyfMO7+h1JDo OKXe8qBn4f/AOB0ZdtKR8zij27Gv0zc= X-MC-Unique: UszjXLJkP0KyWWbuE3d85Q-1 X-Mimecast-MFC-AGG-ID: UszjXLJkP0KyWWbuE3d85Q_1762177220 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= , Fabiano Rosas , Paolo Bonzini , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , devel@lists.libvirt.org, Laurent Vivier Subject: [PULL 23/32] crypto: introduce method for reloading TLS creds Date: Mon, 3 Nov 2025 13:37:17 +0000 Message-ID: <20251103133727.423041-24-berrange@redhat.com> In-Reply-To: <20251103133727.423041-1-berrange@redhat.com> References: <20251103133727.423041-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1762177442355154100 This prevents direct access of the class members by the VNC display code. Reviewed-by: Marc-Andr=C3=A9 Lureau Signed-off-by: Daniel P. Berrang=C3=A9 --- crypto/tlscreds.c | 15 +++++++++++++++ include/crypto/tlscreds.h | 13 +++++++++++++ ui/vnc.c | 9 +-------- 3 files changed, 29 insertions(+), 8 deletions(-) diff --git a/crypto/tlscreds.c b/crypto/tlscreds.c index c302b3cd72..0db9bf6eeb 100644 --- a/crypto/tlscreds.c +++ b/crypto/tlscreds.c @@ -283,6 +283,21 @@ char *qcrypto_tls_creds_get_priority(QCryptoTLSCreds *= creds) } =20 =20 +bool qcrypto_tls_creds_reload(QCryptoTLSCreds *creds, + Error **errp) +{ + QCryptoTLSCredsClass *credscls =3D QCRYPTO_TLS_CREDS_GET_CLASS(creds); + + if (credscls->reload) { + return credscls->reload(creds, errp); + } + + error_setg(errp, "%s does not support reloading credentials", + object_get_typename(OBJECT(creds))); + return false; +} + + static const TypeInfo qcrypto_tls_creds_info =3D { .parent =3D TYPE_OBJECT, .name =3D TYPE_QCRYPTO_TLS_CREDS, diff --git a/include/crypto/tlscreds.h b/include/crypto/tlscreds.h index afd1016088..bb9280ed1a 100644 --- a/include/crypto/tlscreds.h +++ b/include/crypto/tlscreds.h @@ -77,4 +77,17 @@ bool qcrypto_tls_creds_check_endpoint(QCryptoTLSCreds *c= reds, */ char *qcrypto_tls_creds_get_priority(QCryptoTLSCreds *creds); =20 + +/** + * qcrypto_tls_creds_reload: + * @creds: pointer to a TLS credentials object + * @errp: pointer to a NULL-initialized error object + * + * Request a reload of the TLS credentials, if supported + * + * Returns: true on success, false on error or if not supported + */ +bool qcrypto_tls_creds_reload(QCryptoTLSCreds *creds, + Error **errp); + #endif /* QCRYPTO_TLSCREDS_H */ diff --git a/ui/vnc.c b/ui/vnc.c index 0094ec680c..50016ff7ab 100644 --- a/ui/vnc.c +++ b/ui/vnc.c @@ -578,7 +578,6 @@ VncInfo2List *qmp_query_vnc_servers(Error **errp) bool vnc_display_reload_certs(const char *id, Error **errp) { VncDisplay *vd =3D vnc_display_find(id); - QCryptoTLSCredsClass *creds =3D NULL; =20 if (!vd) { error_setg(errp, "Can not find vnc display"); @@ -590,13 +589,7 @@ bool vnc_display_reload_certs(const char *id, Error **= errp) return false; } =20 - creds =3D QCRYPTO_TLS_CREDS_GET_CLASS(OBJECT(vd->tlscreds)); - if (creds->reload =3D=3D NULL) { - error_setg(errp, "%s doesn't support to reload TLS credential", - object_get_typename(OBJECT(vd->tlscreds))); - return false; - } - if (!creds->reload(vd->tlscreds, errp)) { + if (!qcrypto_tls_creds_reload(vd->tlscreds, errp)) { return false; } =20 --=20 2.51.1 From nobody Sun Nov 16 00:54:52 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1762177390; cv=none; d=zohomail.com; s=zohoarc; b=CtjTIyW96309AsoyTGrWvEq+kQD3KVCMc99rHCsyge9KUeBz8exSUsMcng8dIRKn0Vqu/VdR/7VTvwCqVVuIQJ9unSDCSVduQhx1F25OssWaIZLYUdIIladFSmFWzdvTegqi0FlyxKrjd9lNQhSbkZRxhqIJRr6o+MG2Jx2qvfA= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1762177390; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=IXIwVfNB2F1tDt1PGqL4itLFEXKo3+zxh5afw7l5lzA=; b=mtrlm8Mf9mZN7TpVjaFTFWtOv/2rDW0RQgb2rjqC4FpZh+jNpCH/UTII35h17U7wEIFOlaCtMJC8Jbzo+bV2IBBQVGTk2+y5KHOEzyu8xg0oM6e6n7vvZ4nv8SlNZfr/rMiZYbWahEIpunH3L9JcPn3zv1iXD8vjHdrzxEaBBhI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1762177390964175.33013555043578; Mon, 3 Nov 2025 05:43:10 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vFunf-0000XE-LQ; Mon, 03 Nov 2025 08:40:48 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFund-0000IX-2C for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:40:45 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFunR-0004jD-K6 for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:40:44 -0500 Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-679-aHeOs4WhOR-9R14EczECBA-1; Mon, 03 Nov 2025 08:40:26 -0500 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 775DC1801231; Mon, 3 Nov 2025 13:40:25 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.202]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 62CDA180057B; Mon, 3 Nov 2025 13:40:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1762177227; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=IXIwVfNB2F1tDt1PGqL4itLFEXKo3+zxh5afw7l5lzA=; b=UlrsS381B4+23W0jvg0BKZmWKjKk5UhUNExbBq3urWEKqxxpKKdzswR1Wb9g2h5g4/aQmE Sh3EoCNVlM7Cm4Jbe4Q0zXQUAJF5OSSEQ7pxFtE/DtQ/WJgJXFTyFuTjeOZZob9Dub1eiX qxpCf0FNhYAzLH9tS+riblAAbWZCW60= X-MC-Unique: aHeOs4WhOR-9R14EczECBA-1 X-Mimecast-MFC-AGG-ID: aHeOs4WhOR-9R14EczECBA_1762177225 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= , Fabiano Rosas , Paolo Bonzini , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , devel@lists.libvirt.org, Laurent Vivier Subject: [PULL 24/32] crypto: introduce a wrapper around gnutls credentials Date: Mon, 3 Nov 2025 13:37:18 +0000 Message-ID: <20251103133727.423041-25-berrange@redhat.com> In-Reply-To: <20251103133727.423041-1-berrange@redhat.com> References: <20251103133727.423041-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_PASS=-0.001, T_SPF_TEMPERROR=0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1762177391885154100 The gnutls_credentials_set() method has a very suprising API contract that requires the caller to preserve the passed in credentials pointer for as long as the gnutls_session_t object is alive. QEMU is failing to ensure this happens. In QEMU the GNUTLS credentials object is owned by the QCryptoTLSCreds object instance while the GNUTLS session object is owned by the QCryptoTLSSession object instance. Their lifetimes are not guaranteed to be the same, though in most common usage the credentials will outlive the session. This is notably not the case, however, after the VNC server gained the ability to reload credentials on the fly with: commit 1f08e3415120637cad7f540d9ceb4dba3136dbdd Author: Zihao Chang Date: Tue Mar 16 15:58:44 2021 +0800 vnc: support reload x509 certificates for vnc If that is triggered while a VNC client is in the middle of performing a TLS handshake, we might hit a use-after-free. It is difficult to correct this problem because there's no way to deep- clone a GNUTLS credentials object, nor is it reference counted. Thus we introduce a QCryptoTLSCredsBox object whose only purpose is to add reference counting around the GNUTLS credentials object. The DH parameters set against a credentials object also have to be kept alive for as long as the credentials exist. So the box must also hold the DH parameters pointer. Reviewed-by: Marc-Andr=C3=A9 Lureau Signed-off-by: Daniel P. Berrang=C3=A9 --- crypto/meson.build | 5 ++- crypto/tlscredsbox.c | 101 +++++++++++++++++++++++++++++++++++++++++++ crypto/tlscredsbox.h | 50 +++++++++++++++++++++ 3 files changed, 155 insertions(+), 1 deletion(-) create mode 100644 crypto/tlscredsbox.c create mode 100644 crypto/tlscredsbox.h diff --git a/crypto/meson.build b/crypto/meson.build index 110c347033..b51597a879 100644 --- a/crypto/meson.build +++ b/crypto/meson.build @@ -25,7 +25,10 @@ crypto_ss.add(files( )) =20 if gnutls.found() - crypto_ss.add(files('x509-utils.c')) + crypto_ss.add(files( + 'tlscredsbox.c', + 'x509-utils.c', + )) endif =20 if nettle.found() diff --git a/crypto/tlscredsbox.c b/crypto/tlscredsbox.c new file mode 100644 index 0000000000..b8d9846af8 --- /dev/null +++ b/crypto/tlscredsbox.c @@ -0,0 +1,101 @@ +/* + * SPDX-License-Identifier: GPL-2.0-or-later + * + * QEMU crypto TLS credential support + * + * Copyright (c) 2025 Red Hat, Inc. + */ + +#include "qemu/osdep.h" +#include "crypto/tlscredsbox.h" +#include "qemu/atomic.h" + + +static QCryptoTLSCredsBox * +qcrypto_tls_creds_box_new_impl(int type, bool server) +{ + QCryptoTLSCredsBox *credsbox =3D g_new0(QCryptoTLSCredsBox, 1); + credsbox->ref =3D 1; + credsbox->server =3D server; + credsbox->type =3D type; + return credsbox; +} + + +QCryptoTLSCredsBox * +qcrypto_tls_creds_box_new_server(int type) +{ + return qcrypto_tls_creds_box_new_impl(type, true); +} + + +QCryptoTLSCredsBox * +qcrypto_tls_creds_box_new_client(int type) +{ + return qcrypto_tls_creds_box_new_impl(type, false); +} + +static void qcrypto_tls_creds_box_free(QCryptoTLSCredsBox *credsbox) +{ + switch (credsbox->type) { + case GNUTLS_CRD_CERTIFICATE: + if (credsbox->data.cert) { + gnutls_certificate_free_credentials(credsbox->data.cert); + } + break; + case GNUTLS_CRD_PSK: + if (credsbox->server) { + if (credsbox->data.pskserver) { + gnutls_psk_free_server_credentials(credsbox->data.pskserve= r); + } + } else { + if (credsbox->data.pskclient) { + gnutls_psk_free_client_credentials(credsbox->data.pskclien= t); + } + } + break; + case GNUTLS_CRD_ANON: + if (credsbox->server) { + if (credsbox->data.anonserver) { + gnutls_anon_free_server_credentials(credsbox->data.anonser= ver); + } + } else { + if (credsbox->data.anonclient) { + gnutls_anon_free_client_credentials(credsbox->data.anoncli= ent); + } + } + break; + default: + g_assert_not_reached(); + } + + if (credsbox->dh_params) { + gnutls_dh_params_deinit(credsbox->dh_params); + } + + g_free(credsbox); +} + + +void qcrypto_tls_creds_box_ref(QCryptoTLSCredsBox *credsbox) +{ + uint32_t ref =3D qatomic_fetch_inc(&credsbox->ref); + /* Assert waaay before the integer overflows */ + g_assert(ref < INT_MAX); +} + + +void qcrypto_tls_creds_box_unref(QCryptoTLSCredsBox *credsbox) +{ + if (!credsbox) { + return; + } + + g_assert(credsbox->ref > 0); + + if (qatomic_fetch_dec(&credsbox->ref) =3D=3D 1) { + qcrypto_tls_creds_box_free(credsbox); + } + +} + diff --git a/crypto/tlscredsbox.h b/crypto/tlscredsbox.h new file mode 100644 index 0000000000..eeb54d1eeb --- /dev/null +++ b/crypto/tlscredsbox.h @@ -0,0 +1,50 @@ +/* + * SPDX-License-Identifier: GPL-2.0-or-later + * + * QEMU crypto TLS credential support + * + * Copyright (c) 2025 Red Hat, Inc. + */ + +#ifndef QCRYPTO_TLSCREDS_BOX_H +#define QCRYPTO_TLSCREDS_BOX_H + +#include "qom/object.h" + +#ifdef CONFIG_GNUTLS +#include +#endif + +typedef struct QCryptoTLSCredsBox QCryptoTLSCredsBox; + +struct QCryptoTLSCredsBox { + uint32_t ref; + bool server; + int type; + union { + void *any; +#ifdef CONFIG_GNUTLS + /* + * All of these gnutls_XXXX_credentials_t types are + * pointers, hence matching the 'any' field above + */ + gnutls_anon_server_credentials_t anonserver; + gnutls_anon_client_credentials_t anonclient; + gnutls_psk_server_credentials_t pskserver; + gnutls_psk_client_credentials_t pskclient; + gnutls_certificate_credentials_t cert; +#endif + } data; +#ifdef CONFIG_GNUTLS + gnutls_dh_params_t dh_params; +#endif +}; + +QCryptoTLSCredsBox *qcrypto_tls_creds_box_new_server(int type); +QCryptoTLSCredsBox *qcrypto_tls_creds_box_new_client(int type); +void qcrypto_tls_creds_box_ref(QCryptoTLSCredsBox *credsbox); +void qcrypto_tls_creds_box_unref(QCryptoTLSCredsBox *credsbox); + +G_DEFINE_AUTOPTR_CLEANUP_FUNC(QCryptoTLSCredsBox, qcrypto_tls_creds_box_un= ref); + +#endif /* QCRYPTO_TLSCREDS_BOX_H */ --=20 2.51.1 From nobody Sun Nov 16 00:54:52 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1762177606; cv=none; d=zohomail.com; s=zohoarc; b=UPlk107ltGdVgBBfLUoYiscTlTtt4cAYcK6Fl4eNtnQc7IcVcd/rCgR509rvyhczHm+0M8awrUDW2z7d6Z4lRA4Fgm/KhQqXZPN/T1x5gUCGobbTbyJ3NVO4bRyejz+tFDCgXno0yp+yKKSgZRxNRNEA5XzCMGVHV5b+d7cMTyw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1762177606; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=YTV25W/xOqqAFNljl76ezd4WGUFiO0VNgJCvfnU/tw8=; b=Dv/1bgc+HP23DKOWX2DYxfxz5fe6ZPEnEhZcUO8MTgHOZb+u6mQXmPFGZVUDeE5W6Jbi0ga8PMuM/z6SYgSJjOHe8/S2HaSsfTOmc8IDq7yWRytWwdd/WGIYJcZ6nVhv5jbmOBY3gJqih9hqaAr2FpVmXog4K5pYfquJydm1Chc= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1762177606334745.9016638926777; Mon, 3 Nov 2025 05:46:46 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vFunj-0000gs-AP; Mon, 03 Nov 2025 08:40:51 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFunf-0000Wv-Ep for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:40:47 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFunX-0004jn-UJ for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:40:47 -0500 Received: from mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-444-RmD048khNfm1RiJvIB_H-g-1; Mon, 03 Nov 2025 08:40:32 -0500 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 5C3FF195423A; Mon, 3 Nov 2025 13:40:30 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.202]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id AED6F1800576; Mon, 3 Nov 2025 13:40:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1762177235; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=YTV25W/xOqqAFNljl76ezd4WGUFiO0VNgJCvfnU/tw8=; b=QmxitsQBSwh2ZeSr15i5SF07KZ93Ds+QnSJSAcLdMip4/JMPhlkghO8jKKagHUSm8sz1Ha RYIeRxjsSwSn/4nopM6ie53mRDQw0joTk0M08lyC3WAscu1CAvBexrv2nvTEl9rL0O6IEw cxJycJ4wn4UnuWydOPTiLShJ54sfgE8= X-MC-Unique: RmD048khNfm1RiJvIB_H-g-1 X-Mimecast-MFC-AGG-ID: RmD048khNfm1RiJvIB_H-g_1762177230 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= , Fabiano Rosas , Paolo Bonzini , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , devel@lists.libvirt.org, Laurent Vivier Subject: [PULL 25/32] crypto: fix lifecycle handling of gnutls credentials objects Date: Mon, 3 Nov 2025 13:37:19 +0000 Message-ID: <20251103133727.423041-26-berrange@redhat.com> In-Reply-To: <20251103133727.423041-1-berrange@redhat.com> References: <20251103133727.423041-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1762177609600154100 As described in the previous commit, the gnutls credentials need to be kept alive for as long as the gnutls session object exists. Convert the QCryptoTLSCreds objects to use QCryptoTLSCredsBox and holding the gnutls credential objects. When loading the credentials into a gnutls session, store a reference to the box into the QCryptoTLSSession object. This has the useful side effect that the QCryptoTLSSession code no longer needs to know about all the different credential types, it can use the generic pointer stored in the box. Reviewed-by: Marc-Andr=C3=A9 Lureau Signed-off-by: Daniel P. Berrang=C3=A9 --- crypto/tlscreds.c | 5 +-- crypto/tlscredsanon.c | 48 +++++--------------------- crypto/tlscredspriv.h | 20 ++--------- crypto/tlscredspsk.c | 46 ++++++++----------------- crypto/tlscredsx509.c | 71 +++++++++++++------------------------- crypto/tlssession.c | 80 ++++++++++++++----------------------------- 6 files changed, 75 insertions(+), 195 deletions(-) diff --git a/crypto/tlscreds.c b/crypto/tlscreds.c index 0db9bf6eeb..9912e3ffbf 100644 --- a/crypto/tlscreds.c +++ b/crypto/tlscreds.c @@ -247,11 +247,8 @@ qcrypto_tls_creds_finalize(Object *obj) QCryptoTLSCreds *creds =3D QCRYPTO_TLS_CREDS(obj); =20 #ifdef CONFIG_GNUTLS - if (creds->dh_params) { - gnutls_dh_params_deinit(creds->dh_params); - } + qcrypto_tls_creds_box_unref(creds->box); #endif - g_free(creds->dir); g_free(creds->priority); } diff --git a/crypto/tlscredsanon.c b/crypto/tlscredsanon.c index 5c55b07b2f..0a728ccbf6 100644 --- a/crypto/tlscredsanon.c +++ b/crypto/tlscredsanon.c @@ -36,6 +36,7 @@ static int qcrypto_tls_creds_anon_load(QCryptoTLSCredsAnon *creds, Error **errp) { + g_autoptr(QCryptoTLSCredsBox) box =3D NULL; g_autofree char *dhparams =3D NULL; int ret; =20 @@ -43,6 +44,8 @@ qcrypto_tls_creds_anon_load(QCryptoTLSCredsAnon *creds, creds->parent_obj.dir ? creds->parent_obj.dir : ""); =20 if (creds->parent_obj.endpoint =3D=3D QCRYPTO_TLS_CREDS_ENDPOINT_SERVE= R) { + box =3D qcrypto_tls_creds_box_new_server(GNUTLS_CRD_ANON); + if (creds->parent_obj.dir && qcrypto_tls_creds_get_path(&creds->parent_obj, QCRYPTO_TLS_CREDS_DH_PARAMS, @@ -50,7 +53,7 @@ qcrypto_tls_creds_anon_load(QCryptoTLSCredsAnon *creds, return -1; } =20 - ret =3D gnutls_anon_allocate_server_credentials(&creds->data.serve= r); + ret =3D gnutls_anon_allocate_server_credentials(&box->data.anonser= ver); if (ret < 0) { error_setg(errp, "Cannot allocate credentials: %s", gnutls_strerror(ret)); @@ -58,42 +61,26 @@ qcrypto_tls_creds_anon_load(QCryptoTLSCredsAnon *creds, } =20 if (qcrypto_tls_creds_get_dh_params_file(&creds->parent_obj, dhpar= ams, - &creds->parent_obj.dh_par= ams, - errp) < 0) { + &box->dh_params, errp) < = 0) { return -1; } =20 - gnutls_anon_set_server_dh_params(creds->data.server, - creds->parent_obj.dh_params); + gnutls_anon_set_server_dh_params(box->data.anonserver, + box->dh_params); } else { - ret =3D gnutls_anon_allocate_client_credentials(&creds->data.clien= t); + ret =3D gnutls_anon_allocate_client_credentials(&box->data.anoncli= ent); if (ret < 0) { error_setg(errp, "Cannot allocate credentials: %s", gnutls_strerror(ret)); return -1; } } + creds->parent_obj.box =3D g_steal_pointer(&box); =20 return 0; } =20 =20 -static void -qcrypto_tls_creds_anon_unload(QCryptoTLSCredsAnon *creds) -{ - if (creds->parent_obj.endpoint =3D=3D QCRYPTO_TLS_CREDS_ENDPOINT_CLIEN= T) { - if (creds->data.client) { - gnutls_anon_free_client_credentials(creds->data.client); - creds->data.client =3D NULL; - } - } else { - if (creds->data.server) { - gnutls_anon_free_server_credentials(creds->data.server); - creds->data.server =3D NULL; - } - } -} - #else /* ! CONFIG_GNUTLS */ =20 =20 @@ -105,13 +92,6 @@ qcrypto_tls_creds_anon_load(QCryptoTLSCredsAnon *creds = G_GNUC_UNUSED, } =20 =20 -static void -qcrypto_tls_creds_anon_unload(QCryptoTLSCredsAnon *creds G_GNUC_UNUSED) -{ - /* nada */ -} - - #endif /* ! CONFIG_GNUTLS */ =20 =20 @@ -124,15 +104,6 @@ qcrypto_tls_creds_anon_complete(UserCreatable *uc, Err= or **errp) } =20 =20 -static void -qcrypto_tls_creds_anon_finalize(Object *obj) -{ - QCryptoTLSCredsAnon *creds =3D QCRYPTO_TLS_CREDS_ANON(obj); - - qcrypto_tls_creds_anon_unload(creds); -} - - static void qcrypto_tls_creds_anon_class_init(ObjectClass *oc, const void *data) { @@ -148,7 +119,6 @@ static const TypeInfo qcrypto_tls_creds_anon_info =3D { .parent =3D TYPE_QCRYPTO_TLS_CREDS, .name =3D TYPE_QCRYPTO_TLS_CREDS_ANON, .instance_size =3D sizeof(QCryptoTLSCredsAnon), - .instance_finalize =3D qcrypto_tls_creds_anon_finalize, .class_size =3D sizeof(QCryptoTLSCredsAnonClass), .class_init =3D qcrypto_tls_creds_anon_class_init, .interfaces =3D (const InterfaceInfo[]) { diff --git a/crypto/tlscredspriv.h b/crypto/tlscredspriv.h index df9815a286..4e6dffa22f 100644 --- a/crypto/tlscredspriv.h +++ b/crypto/tlscredspriv.h @@ -22,6 +22,7 @@ #define QCRYPTO_TLSCREDSPRIV_H =20 #include "crypto/tlscreds.h" +#include "crypto/tlscredsbox.h" =20 #ifdef CONFIG_GNUTLS #include @@ -31,39 +32,22 @@ struct QCryptoTLSCreds { Object parent_obj; char *dir; QCryptoTLSCredsEndpoint endpoint; -#ifdef CONFIG_GNUTLS - gnutls_dh_params_t dh_params; -#endif bool verifyPeer; char *priority; + QCryptoTLSCredsBox *box; }; =20 struct QCryptoTLSCredsAnon { QCryptoTLSCreds parent_obj; -#ifdef CONFIG_GNUTLS - union { - gnutls_anon_server_credentials_t server; - gnutls_anon_client_credentials_t client; - } data; -#endif }; =20 struct QCryptoTLSCredsPSK { QCryptoTLSCreds parent_obj; char *username; -#ifdef CONFIG_GNUTLS - union { - gnutls_psk_server_credentials_t server; - gnutls_psk_client_credentials_t client; - } data; -#endif }; =20 struct QCryptoTLSCredsX509 { QCryptoTLSCreds parent_obj; -#ifdef CONFIG_GNUTLS - gnutls_certificate_credentials_t data; -#endif bool sanityCheck; char *passwordid; }; diff --git a/crypto/tlscredspsk.c b/crypto/tlscredspsk.c index 6c2feae077..5568f1ad0c 100644 --- a/crypto/tlscredspsk.c +++ b/crypto/tlscredspsk.c @@ -71,6 +71,7 @@ static int qcrypto_tls_creds_psk_load(QCryptoTLSCredsPSK *creds, Error **errp) { + g_autoptr(QCryptoTLSCredsBox) box =3D NULL; g_autofree char *pskfile =3D NULL; g_autofree char *dhparams =3D NULL; const char *username; @@ -87,6 +88,8 @@ qcrypto_tls_creds_psk_load(QCryptoTLSCredsPSK *creds, } =20 if (creds->parent_obj.endpoint =3D=3D QCRYPTO_TLS_CREDS_ENDPOINT_SERVE= R) { + box =3D qcrypto_tls_creds_box_new_server(GNUTLS_CRD_PSK); + if (creds->username) { error_setg(errp, "username should not be set when endpoint=3Ds= erver"); goto cleanup; @@ -101,7 +104,7 @@ qcrypto_tls_creds_psk_load(QCryptoTLSCredsPSK *creds, goto cleanup; } =20 - ret =3D gnutls_psk_allocate_server_credentials(&creds->data.server= ); + ret =3D gnutls_psk_allocate_server_credentials(&box->data.pskserve= r); if (ret < 0) { error_setg(errp, "Cannot allocate credentials: %s", gnutls_strerror(ret)); @@ -109,20 +112,23 @@ qcrypto_tls_creds_psk_load(QCryptoTLSCredsPSK *creds, } =20 if (qcrypto_tls_creds_get_dh_params_file(&creds->parent_obj, dhpar= ams, - &creds->parent_obj.dh_par= ams, + &box->dh_params, errp) < 0) { goto cleanup; } =20 - ret =3D gnutls_psk_set_server_credentials_file(creds->data.server,= pskfile); + ret =3D gnutls_psk_set_server_credentials_file(box->data.pskserver, + pskfile); if (ret < 0) { error_setg(errp, "Cannot set PSK server credentials: %s", gnutls_strerror(ret)); goto cleanup; } - gnutls_psk_set_server_dh_params(creds->data.server, - creds->parent_obj.dh_params); + gnutls_psk_set_server_dh_params(box->data.pskserver, + box->dh_params); } else { + box =3D qcrypto_tls_creds_box_new_client(GNUTLS_CRD_PSK); + if (qcrypto_tls_creds_get_path(&creds->parent_obj, QCRYPTO_TLS_CREDS_PSKFILE, true, &pskfile, errp) < 0) { @@ -138,14 +144,14 @@ qcrypto_tls_creds_psk_load(QCryptoTLSCredsPSK *creds, goto cleanup; } =20 - ret =3D gnutls_psk_allocate_client_credentials(&creds->data.client= ); + ret =3D gnutls_psk_allocate_client_credentials(&box->data.pskclien= t); if (ret < 0) { error_setg(errp, "Cannot allocate credentials: %s", gnutls_strerror(ret)); goto cleanup; } =20 - ret =3D gnutls_psk_set_client_credentials(creds->data.client, + ret =3D gnutls_psk_set_client_credentials(box->data.pskclient, username, &key, GNUTLS_PSK= _KEY_HEX); if (ret < 0) { error_setg(errp, "Cannot set PSK client credentials: %s", @@ -153,6 +159,7 @@ qcrypto_tls_creds_psk_load(QCryptoTLSCredsPSK *creds, goto cleanup; } } + creds->parent_obj.box =3D g_steal_pointer(&box); =20 rv =3D 0; cleanup: @@ -160,23 +167,6 @@ qcrypto_tls_creds_psk_load(QCryptoTLSCredsPSK *creds, return rv; } =20 - -static void -qcrypto_tls_creds_psk_unload(QCryptoTLSCredsPSK *creds) -{ - if (creds->parent_obj.endpoint =3D=3D QCRYPTO_TLS_CREDS_ENDPOINT_CLIEN= T) { - if (creds->data.client) { - gnutls_psk_free_client_credentials(creds->data.client); - creds->data.client =3D NULL; - } - } else { - if (creds->data.server) { - gnutls_psk_free_server_credentials(creds->data.server); - creds->data.server =3D NULL; - } - } -} - #else /* ! CONFIG_GNUTLS */ =20 =20 @@ -188,13 +178,6 @@ qcrypto_tls_creds_psk_load(QCryptoTLSCredsPSK *creds G= _GNUC_UNUSED, } =20 =20 -static void -qcrypto_tls_creds_psk_unload(QCryptoTLSCredsPSK *creds G_GNUC_UNUSED) -{ - /* nada */ -} - - #endif /* ! CONFIG_GNUTLS */ =20 =20 @@ -212,7 +195,6 @@ qcrypto_tls_creds_psk_finalize(Object *obj) { QCryptoTLSCredsPSK *creds =3D QCRYPTO_TLS_CREDS_PSK(obj); =20 - qcrypto_tls_creds_psk_unload(creds); g_free(creds->username); } =20 diff --git a/crypto/tlscredsx509.c b/crypto/tlscredsx509.c index dd28faf872..388ddb7f0e 100644 --- a/crypto/tlscredsx509.c +++ b/crypto/tlscredsx509.c @@ -562,6 +562,7 @@ static int qcrypto_tls_creds_x509_load(QCryptoTLSCredsX509 *creds, Error **errp) { + g_autoptr(QCryptoTLSCredsBox) box =3D NULL; g_autofree char *cacert =3D NULL; g_autofree char *cacrl =3D NULL; g_autofree char *cert =3D NULL; @@ -578,6 +579,19 @@ qcrypto_tls_creds_x509_load(QCryptoTLSCredsX509 *creds, =20 trace_qcrypto_tls_creds_x509_load(creds, creds->parent_obj.dir); =20 + if (creds->parent_obj.endpoint =3D=3D QCRYPTO_TLS_CREDS_ENDPOINT_SERVE= R) { + box =3D qcrypto_tls_creds_box_new_server(GNUTLS_CRD_CERTIFICATE); + } else { + box =3D qcrypto_tls_creds_box_new_client(GNUTLS_CRD_CERTIFICATE); + } + + ret =3D gnutls_certificate_allocate_credentials(&box->data.cert); + if (ret < 0) { + error_setg(errp, "Cannot allocate credentials: '%s'", + gnutls_strerror(ret)); + return -1; + } + if (qcrypto_tls_creds_get_path(&creds->parent_obj, QCRYPTO_TLS_CREDS_X509_CA_CERT, true, &cacert, errp) < 0) { @@ -616,14 +630,7 @@ qcrypto_tls_creds_x509_load(QCryptoTLSCredsX509 *creds, return -1; } =20 - ret =3D gnutls_certificate_allocate_credentials(&creds->data); - if (ret < 0) { - error_setg(errp, "Cannot allocate credentials: '%s'", - gnutls_strerror(ret)); - return -1; - } - - ret =3D gnutls_certificate_set_x509_trust_file(creds->data, + ret =3D gnutls_certificate_set_x509_trust_file(box->data.cert, cacert, GNUTLS_X509_FMT_PEM); if (ret < 0) { @@ -641,7 +648,7 @@ qcrypto_tls_creds_x509_load(QCryptoTLSCredsX509 *creds, return -1; } } - ret =3D gnutls_certificate_set_x509_key_file2(creds->data, + ret =3D gnutls_certificate_set_x509_key_file2(box->data.cert, cert, key, GNUTLS_X509_FMT_PEM, password, @@ -654,7 +661,7 @@ qcrypto_tls_creds_x509_load(QCryptoTLSCredsX509 *creds, } =20 if (cacrl !=3D NULL) { - ret =3D gnutls_certificate_set_x509_crl_file(creds->data, + ret =3D gnutls_certificate_set_x509_crl_file(box->data.cert, cacrl, GNUTLS_X509_FMT_PEM); if (ret < 0) { @@ -666,28 +673,18 @@ qcrypto_tls_creds_x509_load(QCryptoTLSCredsX509 *cred= s, =20 if (isServer) { if (qcrypto_tls_creds_get_dh_params_file(&creds->parent_obj, dhpar= ams, - &creds->parent_obj.dh_par= ams, + &box->dh_params, errp) < 0) { return -1; } - gnutls_certificate_set_dh_params(creds->data, - creds->parent_obj.dh_params); + gnutls_certificate_set_dh_params(box->data.cert, box->dh_params); } + creds->parent_obj.box =3D g_steal_pointer(&box); =20 return 0; } =20 =20 -static void -qcrypto_tls_creds_x509_unload(QCryptoTLSCredsX509 *creds) -{ - if (creds->data) { - gnutls_certificate_free_credentials(creds->data); - creds->data =3D NULL; - } -} - - #else /* ! CONFIG_GNUTLS */ =20 =20 @@ -699,13 +696,6 @@ qcrypto_tls_creds_x509_load(QCryptoTLSCredsX509 *creds= G_GNUC_UNUSED, } =20 =20 -static void -qcrypto_tls_creds_x509_unload(QCryptoTLSCredsX509 *creds G_GNUC_UNUSED) -{ - /* nada */ -} - - #endif /* ! CONFIG_GNUTLS */ =20 =20 @@ -768,29 +758,17 @@ qcrypto_tls_creds_x509_reload(QCryptoTLSCreds *creds,= Error **errp) { QCryptoTLSCredsX509 *x509_creds =3D QCRYPTO_TLS_CREDS_X509(creds); Error *local_err =3D NULL; - gnutls_certificate_credentials_t creds_data =3D x509_creds->data; - gnutls_dh_params_t creds_dh_params =3D creds->dh_params; + QCryptoTLSCredsBox *creds_box =3D creds->box; =20 - x509_creds->data =3D NULL; - creds->dh_params =3D NULL; + creds->box =3D NULL; qcrypto_tls_creds_x509_load(x509_creds, &local_err); if (local_err) { - qcrypto_tls_creds_x509_unload(x509_creds); - if (creds->dh_params) { - gnutls_dh_params_deinit(creds->dh_params); - } - x509_creds->data =3D creds_data; - creds->dh_params =3D creds_dh_params; + creds->box =3D creds_box; error_propagate(errp, local_err); return false; } =20 - if (creds_data) { - gnutls_certificate_free_credentials(creds_data); - } - if (creds_dh_params) { - gnutls_dh_params_deinit(creds_dh_params); - } + qcrypto_tls_creds_box_unref(creds_box); return true; } =20 @@ -823,7 +801,6 @@ qcrypto_tls_creds_x509_finalize(Object *obj) QCryptoTLSCredsX509 *creds =3D QCRYPTO_TLS_CREDS_X509(obj); =20 g_free(creds->passwordid); - qcrypto_tls_creds_x509_unload(creds); } =20 =20 diff --git a/crypto/tlssession.c b/crypto/tlssession.c index 77f334add3..a1dc3b3ce0 100644 --- a/crypto/tlssession.c +++ b/crypto/tlssession.c @@ -38,6 +38,7 @@ =20 struct QCryptoTLSSession { QCryptoTLSCreds *creds; + QCryptoTLSCredsBox *credsbox; gnutls_session_t handle; char *hostname; char *authzid; @@ -78,6 +79,7 @@ qcrypto_tls_session_free(QCryptoTLSSession *session) g_free(session->hostname); g_free(session->peername); g_free(session->authzid); + qcrypto_tls_creds_box_unref(session->credsbox); object_unref(OBJECT(session->creds)); qemu_mutex_destroy(&session->lock); g_free(session); @@ -206,63 +208,31 @@ qcrypto_tls_session_new(QCryptoTLSCreds *creds, goto error; } =20 - if (object_dynamic_cast(OBJECT(creds), - TYPE_QCRYPTO_TLS_CREDS_ANON)) { - QCryptoTLSCredsAnon *acreds =3D QCRYPTO_TLS_CREDS_ANON(creds); - if (creds->endpoint =3D=3D QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) { - ret =3D gnutls_credentials_set(session->handle, - GNUTLS_CRD_ANON, - acreds->data.server); - } else { - ret =3D gnutls_credentials_set(session->handle, - GNUTLS_CRD_ANON, - acreds->data.client); - } - if (ret < 0) { - error_setg(errp, "Cannot set session credentials: %s", - gnutls_strerror(ret)); - goto error; - } - } else if (object_dynamic_cast(OBJECT(creds), - TYPE_QCRYPTO_TLS_CREDS_PSK)) { - QCryptoTLSCredsPSK *pcreds =3D QCRYPTO_TLS_CREDS_PSK(creds); - if (creds->endpoint =3D=3D QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) { - ret =3D gnutls_credentials_set(session->handle, - GNUTLS_CRD_PSK, - pcreds->data.server); - } else { - ret =3D gnutls_credentials_set(session->handle, - GNUTLS_CRD_PSK, - pcreds->data.client); - } - if (ret < 0) { - error_setg(errp, "Cannot set session credentials: %s", - gnutls_strerror(ret)); - goto error; - } - } else if (object_dynamic_cast(OBJECT(creds), - TYPE_QCRYPTO_TLS_CREDS_X509)) { - QCryptoTLSCredsX509 *tcreds =3D QCRYPTO_TLS_CREDS_X509(creds); + ret =3D gnutls_credentials_set(session->handle, + creds->box->type, + creds->box->data.any); + if (ret < 0) { + error_setg(errp, "Cannot set session credentials: %s", + gnutls_strerror(ret)); + goto error; + } =20 - ret =3D gnutls_credentials_set(session->handle, - GNUTLS_CRD_CERTIFICATE, - tcreds->data); - if (ret < 0) { - error_setg(errp, "Cannot set session credentials: %s", - gnutls_strerror(ret)); - goto error; - } + /* + * creds->box->data.any must be kept alive for as long + * as the gnutls_session_t is alive, so acquire a ref + */ + qcrypto_tls_creds_box_ref(creds->box); + session->credsbox =3D creds->box; =20 - if (creds->endpoint =3D=3D QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) { - /* This requests, but does not enforce a client cert. - * The cert checking code later does enforcement */ - gnutls_certificate_server_set_request(session->handle, - GNUTLS_CERT_REQUEST); - } - } else { - error_setg(errp, "Unsupported TLS credentials type %s", - object_get_typename(OBJECT(creds))); - goto error; + if (object_dynamic_cast(OBJECT(creds), + TYPE_QCRYPTO_TLS_CREDS_X509) && + creds->endpoint =3D=3D QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) { + /* + * This requests, but does not enforce a client cert. + * The cert checking code later does enforcement + */ + gnutls_certificate_server_set_request(session->handle, + GNUTLS_CERT_REQUEST); } =20 gnutls_transport_set_ptr(session->handle, session); --=20 2.51.1 From nobody Sun Nov 16 00:54:52 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1762177568; cv=none; d=zohomail.com; s=zohoarc; b=Kmfjc9eFEU0x0r0Eisvey6rUZ5lTgeIrxfE1udiqYoqb9dD7JjLjmkmWln2UHBDDezousqPkAp+Xy0a7kcoPp5YlMGEawjcGpLbzUlSeflPi/reJhEW71lR+u/8v/yiAHjRF2UoAh0HSDRwKx82C7l1TSKE/CYPh/ZpJfXxxx3I= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1762177568; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=tCxLqJi7xD0AWowsjNt3hTZd2yiQP9cWMIJ/7CpO5+A=; b=PqtIW/tii/l07lf6ramIB7AWdznc8jbzJtOVAwN14J07L5kThWFCGgAxhjnEsGdvkD++FXgo/h/B4o4VPEChCB3B3vJUehX3YwFNdER8xAOFT4hIUi4ZKeaeEqzt/sFbzFRAsG/0OZOpzBjJ0/tHrEsG+0bpT4i/VtByGorncew= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 176217756810810.477758198268134; Mon, 3 Nov 2025 05:46:08 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vFuo1-0001VT-Ak; Mon, 03 Nov 2025 08:41:11 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFunq-0001JN-PD for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:40:59 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFunb-0004k5-A8 for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:40:57 -0500 Received: from mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-317-JqWFa9mANMuAuFQ08JG_TQ-1; Mon, 03 Nov 2025 08:40:37 -0500 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 34B231955F29; Mon, 3 Nov 2025 13:40:36 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.202]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 19BB41800451; Mon, 3 Nov 2025 13:40:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1762177238; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=tCxLqJi7xD0AWowsjNt3hTZd2yiQP9cWMIJ/7CpO5+A=; b=JTYetYYRhw0jf48194H9szeBbZ/igBXK7W/GT4lmPa+eRq++wN6olS3RO1VWEyUEaU2ob8 NUWcGtC7w7+Umu1u+r/+yFFTmwTZ4akrihrqozOgz2vMKb8RsvT/NvFUrO/OnmSgi7aE60 uPd1jFuMmQFSi1WGOGvfxdmacTNKk9E= X-MC-Unique: JqWFa9mANMuAuFQ08JG_TQ-1 X-Mimecast-MFC-AGG-ID: JqWFa9mANMuAuFQ08JG_TQ_1762177236 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= , Fabiano Rosas , Paolo Bonzini , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , devel@lists.libvirt.org, Laurent Vivier Subject: [PULL 26/32] crypto: make TLS credentials structs private Date: Mon, 3 Nov 2025 13:37:20 +0000 Message-ID: <20251103133727.423041-27-berrange@redhat.com> In-Reply-To: <20251103133727.423041-1-berrange@redhat.com> References: <20251103133727.423041-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_PASS=-0.001, T_SPF_TEMPERROR=0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1762177579314158500 Now that the TLS session code no longer needs to look at the TLS credential structs, they can be made private. Reviewed-by: Marc-Andr=C3=A9 Lureau Signed-off-by: Daniel P. Berrang=C3=A9 --- crypto/tlscredsanon.c | 5 ++++- crypto/tlscredspriv.h | 15 --------------- crypto/tlscredspsk.c | 5 +++++ crypto/tlscredsx509.c | 6 ++++++ 4 files changed, 15 insertions(+), 16 deletions(-) diff --git a/crypto/tlscredsanon.c b/crypto/tlscredsanon.c index 0a728ccbf6..646574d6ae 100644 --- a/crypto/tlscredsanon.c +++ b/crypto/tlscredsanon.c @@ -27,11 +27,14 @@ #include "trace.h" =20 =20 +struct QCryptoTLSCredsAnon { + QCryptoTLSCreds parent_obj; +}; + #ifdef CONFIG_GNUTLS =20 #include =20 - static int qcrypto_tls_creds_anon_load(QCryptoTLSCredsAnon *creds, Error **errp) diff --git a/crypto/tlscredspriv.h b/crypto/tlscredspriv.h index 4e6dffa22f..69dac02437 100644 --- a/crypto/tlscredspriv.h +++ b/crypto/tlscredspriv.h @@ -37,21 +37,6 @@ struct QCryptoTLSCreds { QCryptoTLSCredsBox *box; }; =20 -struct QCryptoTLSCredsAnon { - QCryptoTLSCreds parent_obj; -}; - -struct QCryptoTLSCredsPSK { - QCryptoTLSCreds parent_obj; - char *username; -}; - -struct QCryptoTLSCredsX509 { - QCryptoTLSCreds parent_obj; - bool sanityCheck; - char *passwordid; -}; - #ifdef CONFIG_GNUTLS =20 int qcrypto_tls_creds_get_path(QCryptoTLSCreds *creds, diff --git a/crypto/tlscredspsk.c b/crypto/tlscredspsk.c index 5568f1ad0c..8879c84ea7 100644 --- a/crypto/tlscredspsk.c +++ b/crypto/tlscredspsk.c @@ -27,6 +27,11 @@ #include "trace.h" =20 =20 +struct QCryptoTLSCredsPSK { + QCryptoTLSCreds parent_obj; + char *username; +}; + #ifdef CONFIG_GNUTLS =20 #include diff --git a/crypto/tlscredsx509.c b/crypto/tlscredsx509.c index 388ddb7f0e..397ff4caa9 100644 --- a/crypto/tlscredsx509.c +++ b/crypto/tlscredsx509.c @@ -28,6 +28,12 @@ #include "trace.h" =20 =20 +struct QCryptoTLSCredsX509 { + QCryptoTLSCreds parent_obj; + bool sanityCheck; + char *passwordid; +}; + #ifdef CONFIG_GNUTLS =20 #include --=20 2.51.1 From nobody Sun Nov 16 00:54:52 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1762177505; cv=none; d=zohomail.com; s=zohoarc; b=Bk5WYI8+A9a5J1PBLibS3IvO7eI2oKAppCcUqr3bF0P44PlhOwV9Yt5GYgTru+22SLbnMQgOu7QgJHNtNZTqCvpVz+GWRS56O/ww+mUJss+7H03huS4i7V72uOrhN1ZQnA+6m1Od9FwecfGqcWqd8sjtjxy7A8D7mQGSei6lmX0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1762177505; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=0aHV5ZwA+auvzXowWLXibx+g4bqRoA0nm01awGkq0pU=; b=SaaocNCoRMb/slMhZSGoNgx75UPSqm3U4ZlzpX7Tzj6LIh8IpVfXUtUdHopY6JJ8KRVuLUsfLwAC38/M9atsRANJ83cfxoYLywQ63xLxe4kASVbpML9EgWFEkvlsgAsU6IypEcAdNtvY5gkarmbAv/2jq5OB1LjVb/YcbxG8Ync= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1762177505266133.29022868502182; Mon, 3 Nov 2025 05:45:05 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vFuoF-0001oW-4J; Mon, 03 Nov 2025 08:41:23 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFuny-0001RC-2C for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:41:07 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFunj-0004kR-25 for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:41:01 -0500 Received: from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-543-HV-bKrEdMtukRLCqi8curg-1; Mon, 03 Nov 2025 08:40:43 -0500 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 16D34180035D; Mon, 3 Nov 2025 13:40:42 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.202]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 80F2F1800578; Mon, 3 Nov 2025 13:40:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1762177246; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=0aHV5ZwA+auvzXowWLXibx+g4bqRoA0nm01awGkq0pU=; b=HyCZqIOEIV7xHyYLZLrEsV6ELMNtSSDeJJXUeSum3vbMoghBsuhJ4FGNhGY2O5OrRWsqOH RjsVq+ffY5oLoPzGN0AquaRDgxXyWGI3n4BTSwavCXXiXnAyFx15GhJTIZejtHbrKd1VMm Zo4UL9XfpMjjFoiUrPDW7PdeirgB1Fs= X-MC-Unique: HV-bKrEdMtukRLCqi8curg-1 X-Mimecast-MFC-AGG-ID: HV-bKrEdMtukRLCqi8curg_1762177242 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= , Fabiano Rosas , Paolo Bonzini , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , devel@lists.libvirt.org, Laurent Vivier Subject: [PULL 27/32] crypto: deprecate use of external dh-params.pem file Date: Mon, 3 Nov 2025 13:37:21 +0000 Message-ID: <20251103133727.423041-28-berrange@redhat.com> In-Reply-To: <20251103133727.423041-1-berrange@redhat.com> References: <20251103133727.423041-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_PASS=-0.001, T_SPF_TEMPERROR=0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1762177507023154100 GNUTLS has deprecated use of externally provided diffie-hellman parameters. Since 3.6.0 it will automatically negotiate DH params in accordance with RFC7919. Reviewed-by: Marc-Andr=C3=A9 Lureau Signed-off-by: Daniel P. Berrang=C3=A9 --- crypto/tlscreds.c | 24 ++++++++---------------- crypto/tlscredsanon.c | 6 ++++-- crypto/tlscredspsk.c | 6 ++++-- crypto/tlscredsx509.c | 4 +++- docs/about/deprecated.rst | 9 +++++++++ docs/system/tls.rst | 12 +++++++----- 6 files changed, 35 insertions(+), 26 deletions(-) diff --git a/crypto/tlscreds.c b/crypto/tlscreds.c index 9912e3ffbf..3d25efe425 100644 --- a/crypto/tlscreds.c +++ b/crypto/tlscreds.c @@ -22,6 +22,7 @@ #include "qapi/error.h" #include "qapi-types-crypto.h" #include "qemu/module.h" +#include "qemu/error-report.h" #include "tlscredspriv.h" #include "trace.h" =20 @@ -38,22 +39,7 @@ qcrypto_tls_creds_get_dh_params_file(QCryptoTLSCreds *cr= eds, =20 trace_qcrypto_tls_creds_load_dh(creds, filename ? filename : ""); =20 - if (filename =3D=3D NULL) { - ret =3D gnutls_dh_params_init(dh_params); - if (ret < 0) { - error_setg(errp, "Unable to initialize DH parameters: %s", - gnutls_strerror(ret)); - return -1; - } - ret =3D gnutls_dh_params_generate2(*dh_params, DH_BITS); - if (ret < 0) { - gnutls_dh_params_deinit(*dh_params); - *dh_params =3D NULL; - error_setg(errp, "Unable to generate DH parameters: %s", - gnutls_strerror(ret)); - return -1; - } - } else { + if (filename !=3D NULL) { GError *gerr =3D NULL; gchar *contents; gsize len; @@ -67,6 +53,10 @@ qcrypto_tls_creds_get_dh_params_file(QCryptoTLSCreds *cr= eds, g_error_free(gerr); return -1; } + warn_report_once("Use of an external DH parameters file '%s' is " + "deprecated and will be removed in a future relea= se", + filename); + data.data =3D (unsigned char *)contents; data.size =3D len; ret =3D gnutls_dh_params_init(dh_params); @@ -87,6 +77,8 @@ qcrypto_tls_creds_get_dh_params_file(QCryptoTLSCreds *cre= ds, filename, gnutls_strerror(ret)); return -1; } + } else { + *dh_params =3D NULL; } =20 return 0; diff --git a/crypto/tlscredsanon.c b/crypto/tlscredsanon.c index 646574d6ae..1551382e1f 100644 --- a/crypto/tlscredsanon.c +++ b/crypto/tlscredsanon.c @@ -68,8 +68,10 @@ qcrypto_tls_creds_anon_load(QCryptoTLSCredsAnon *creds, return -1; } =20 - gnutls_anon_set_server_dh_params(box->data.anonserver, - box->dh_params); + if (box->dh_params) { + gnutls_anon_set_server_dh_params(box->data.anonserver, + box->dh_params); + } } else { ret =3D gnutls_anon_allocate_client_credentials(&box->data.anoncli= ent); if (ret < 0) { diff --git a/crypto/tlscredspsk.c b/crypto/tlscredspsk.c index 8879c84ea7..e1b1e1a613 100644 --- a/crypto/tlscredspsk.c +++ b/crypto/tlscredspsk.c @@ -129,8 +129,10 @@ qcrypto_tls_creds_psk_load(QCryptoTLSCredsPSK *creds, gnutls_strerror(ret)); goto cleanup; } - gnutls_psk_set_server_dh_params(box->data.pskserver, - box->dh_params); + if (box->dh_params) { + gnutls_psk_set_server_dh_params(box->data.pskserver, + box->dh_params); + } } else { box =3D qcrypto_tls_creds_box_new_client(GNUTLS_CRD_PSK); =20 diff --git a/crypto/tlscredsx509.c b/crypto/tlscredsx509.c index 397ff4caa9..e28fcdc6ff 100644 --- a/crypto/tlscredsx509.c +++ b/crypto/tlscredsx509.c @@ -683,7 +683,9 @@ qcrypto_tls_creds_x509_load(QCryptoTLSCredsX509 *creds, errp) < 0) { return -1; } - gnutls_certificate_set_dh_params(box->data.cert, box->dh_params); + if (box->dh_params) { + gnutls_certificate_set_dh_params(box->data.cert, box->dh_param= s); + } } creds->parent_obj.box =3D g_steal_pointer(&box); =20 diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst index 4ee98d6646..03e29915f0 100644 --- a/docs/about/deprecated.rst +++ b/docs/about/deprecated.rst @@ -385,6 +385,15 @@ Options are: - move backing file to NVDIMM storage and keep ``pmem=3Don`` (to have NVDIMM with persistence guaranties). =20 +Using an external DH (Diffie-Hellman) parameters file (since 10.2) +'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' + +Loading of external Diffie-Hellman parameters from a 'dh-params.pem' +file is deprecated and will be removed with no replacement in a +future release. Where no 'dh-params.pem' file is provided, the DH +parameters will be automatically negotiated in accordance with +RFC7919. + Device options -------------- =20 diff --git a/docs/system/tls.rst b/docs/system/tls.rst index a4f6781d62..44c4bf04e9 100644 --- a/docs/system/tls.rst +++ b/docs/system/tls.rst @@ -251,11 +251,13 @@ When specifying the object, the ``dir`` parameters sp= ecifies which directory contains the credential files. This directory is expected to contain files with the names mentioned previously, ``ca-cert.pem``, ``server-key.pem``, ``server-cert.pem``, ``client-key.pem`` and -``client-cert.pem`` as appropriate. It is also possible to include a set -of pre-generated Diffie-Hellman (DH) parameters in a file -``dh-params.pem``, which can be created using the -``certtool --generate-dh-params`` command. If omitted, QEMU will -dynamically generate DH parameters when loading the credentials. +``client-cert.pem`` as appropriate. + +While it is possible to include a set of pre-generated Diffie-Hellman +(DH) parameters in a file ``dh-params.pem``, this facility is now +deprecated and will be removed in a future release. When omitted the +DH parameters will be automatically negotiated in accordance with +RFC7919. =20 The ``endpoint`` parameter indicates whether the credentials will be used for a network client or server, and determines which PEM files are --=20 2.51.1 From nobody Sun Nov 16 00:54:52 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1762177453; cv=none; d=zohomail.com; s=zohoarc; b=nfxX4AVIQI+6aRmo/jt5ZJyQg79QxqaUxAga8MCsONl1QxIczDLKvqLIwUskhy82dmfKb+ai04Zjl/5cJjphVjQxh3xlPBNBesy0FH9cZ+9nz4DhCKLqsqcptYBZexqjgoolunttIMF7eO3crk57VlcawmfRPa1Fncd7ohiPccI= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1762177453; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=i+wl3Y233lrhS1xjLwDeX9h6halIAMNlbqNzecBa4Sk=; b=TByKd6f/S/98kiRVJv0oqabooIYA497/IcjPu+fJBGsPJKg/X5JbDj1TAInkfvgye/TGzgpn80GT3V9X9To9nwiQsWWbvsgAgLXkXsGh93rKwyWbabHIBBgp86Z15/Nw0ypE72w6Dx/+UOjwYPViXjrdFa1VrxZez98mT/Z59fY= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1762177453137751.0661870303798; Mon, 3 Nov 2025 05:44:13 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vFuoC-0001e3-Gm; Mon, 03 Nov 2025 08:41:20 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFunu-0001Pd-89 for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:41:04 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFuno-0004kk-JK for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:40:59 -0500 Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-218-rdWFTPlIPnmiAeQ_MwaOpQ-1; Mon, 03 Nov 2025 08:40:49 -0500 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 35D1518009C2; Mon, 3 Nov 2025 13:40:48 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.202]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id D58AD180057A; Mon, 3 Nov 2025 13:40:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1762177252; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=i+wl3Y233lrhS1xjLwDeX9h6halIAMNlbqNzecBa4Sk=; b=SoY0ZiGiwa/tfIe2KruKc3MFsqgjnPF3VjyKFc++7VSQyVnrGriUCjCLh9vOa9avOkUqyO FKARO1pBMtiNrQnF7nsRkOSHcVW+v+QY7npfQVdwLz5E02VCIPPFvJgZnPNqkkpMG3cCOG H4JcUiNpeRduyAcGgiihHHfUOn+gShQ= X-MC-Unique: rdWFTPlIPnmiAeQ_MwaOpQ-1 X-Mimecast-MFC-AGG-ID: rdWFTPlIPnmiAeQ_MwaOpQ_1762177248 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= , Fabiano Rosas , Paolo Bonzini , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , devel@lists.libvirt.org, Laurent Vivier Subject: [PULL 28/32] crypto: avoid loading the CA certs twice Date: Mon, 3 Nov 2025 13:37:22 +0000 Message-ID: <20251103133727.423041-29-berrange@redhat.com> In-Reply-To: <20251103133727.423041-1-berrange@redhat.com> References: <20251103133727.423041-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1762177458587158500 The x509 TLS credentials code will load the CA certs once to perform sanity chcking on the certs, then discard the certificate objects and let gnutls load them a second time. This introduces a new QCryptoTLSCredsX509Files struct which will hold the CA certificates loaded for sanity checking and pass them on to gnutls, avoiding the duplicated loading. Reviewed-by: Marc-Andr=C3=A9 Lureau Signed-off-by: Daniel P. Berrang=C3=A9 --- crypto/tlscredsx509.c | 141 ++++++++++++++++++++++++++---------------- 1 file changed, 87 insertions(+), 54 deletions(-) diff --git a/crypto/tlscredsx509.c b/crypto/tlscredsx509.c index e28fcdc6ff..911942a1a1 100644 --- a/crypto/tlscredsx509.c +++ b/crypto/tlscredsx509.c @@ -40,6 +40,35 @@ struct QCryptoTLSCredsX509 { #include =20 =20 +typedef struct QCryptoTLSCredsX509Files QCryptoTLSCredsX509Files; +struct QCryptoTLSCredsX509Files { + char *cacertpath; + gnutls_x509_crt_t *cacerts; + unsigned int ncacerts; +}; + +static QCryptoTLSCredsX509Files * +qcrypto_tls_creds_x509_files_new(void) +{ + return g_new0(QCryptoTLSCredsX509Files, 1); +} + + +static void +qcrypto_tls_creds_x509_files_free(QCryptoTLSCredsX509Files *files) +{ + size_t i; + for (i =3D 0; i < files->ncacerts; i++) { + gnutls_x509_crt_deinit(files->cacerts[i]); + } + g_free(files->cacerts); + g_free(files->cacertpath); + g_free(files); +} + +G_DEFINE_AUTOPTR_CLEANUP_FUNC(QCryptoTLSCredsX509Files, + qcrypto_tls_creds_x509_files_free); + static int qcrypto_tls_creds_check_cert_times(gnutls_x509_crt_t cert, const char *certFile, @@ -315,11 +344,9 @@ qcrypto_tls_creds_check_cert(QCryptoTLSCredsX509 *cred= s, =20 static int qcrypto_tls_creds_check_authority_chain(QCryptoTLSCredsX509 *creds, + QCryptoTLSCredsX509Files *files, gnutls_x509_crt_t *certs, unsigned int ncerts, - gnutls_x509_crt_t *cacerts, - unsigned int ncacerts, - const char *cacertFile, bool isServer, Error **errp) { @@ -360,13 +387,13 @@ qcrypto_tls_creds_check_authority_chain(QCryptoTLSCre= dsX509 *creds, * reached the root of trust. */ return qcrypto_tls_creds_check_cert( - creds, cert_to_check, cacertFile, + creds, cert_to_check, files->cacertpath, isServer, true, errp); } - for (int i =3D 0; i < ncacerts; i++) { + for (int i =3D 0; i < files->ncacerts; i++) { if (gnutls_x509_crt_check_issuer(cert_to_check, - cacerts[i])) { - cert_issuer =3D cacerts[i]; + files->cacerts[i])) { + cert_issuer =3D files->cacerts[i]; break; } } @@ -374,7 +401,7 @@ qcrypto_tls_creds_check_authority_chain(QCryptoTLSCreds= X509 *creds, break; } =20 - if (qcrypto_tls_creds_check_cert(creds, cert_issuer, cacertFile, + if (qcrypto_tls_creds_check_cert(creds, cert_issuer, files->cacert= path, isServer, true, errp) < 0) { return -1; } @@ -394,19 +421,17 @@ qcrypto_tls_creds_check_authority_chain(QCryptoTLSCre= dsX509 *creds, } =20 static int -qcrypto_tls_creds_check_cert_pair(gnutls_x509_crt_t *certs, +qcrypto_tls_creds_check_cert_pair(QCryptoTLSCredsX509Files *files, + gnutls_x509_crt_t *certs, size_t ncerts, const char *certFile, - gnutls_x509_crt_t *cacerts, - size_t ncacerts, - const char *cacertFile, bool isServer, Error **errp) { unsigned int status; =20 if (gnutls_x509_crt_list_verify(certs, ncerts, - cacerts, ncacerts, + files->cacerts, files->ncacerts, NULL, 0, 0, &status) < 0) { error_setg(errp, isServer ? @@ -414,7 +439,7 @@ qcrypto_tls_creds_check_cert_pair(gnutls_x509_crt_t *ce= rts, "CA certificate %s" : "Unable to verify client certificate %s against " "CA certificate %s", - certFile, cacertFile); + certFile, files->cacertpath); return -1; } =20 @@ -439,7 +464,7 @@ qcrypto_tls_creds_check_cert_pair(gnutls_x509_crt_t *ce= rts, =20 error_setg(errp, "Our own certificate %s failed validation against %s: %= s", - certFile, cacertFile, reason); + certFile, files->cacertpath, reason); return -1; } =20 @@ -490,15 +515,13 @@ qcrypto_tls_creds_load_cert_list(QCryptoTLSCredsX509 = *creds, =20 static int qcrypto_tls_creds_x509_sanity_check(QCryptoTLSCredsX509 *creds, + QCryptoTLSCredsX509Files *files, bool isServer, - const char *cacertFile, const char *certFile, Error **errp) { gnutls_x509_crt_t *certs =3D NULL; unsigned int ncerts =3D 0; - gnutls_x509_crt_t *cacerts =3D NULL; - unsigned int ncacerts =3D 0; size_t i; int ret =3D -1; =20 @@ -514,16 +537,6 @@ qcrypto_tls_creds_x509_sanity_check(QCryptoTLSCredsX50= 9 *creds, } } =20 - if (qcrypto_tls_creds_load_cert_list(creds, - cacertFile, - &cacerts, - &ncacerts, - isServer, - true, - errp) < 0) { - goto cleanup; - } - for (i =3D 0; i < ncerts; i++) { if (qcrypto_tls_creds_check_cert(creds, certs[i], certFile, @@ -533,17 +546,14 @@ qcrypto_tls_creds_x509_sanity_check(QCryptoTLSCredsX5= 09 *creds, } =20 if (ncerts && - qcrypto_tls_creds_check_authority_chain(creds, + qcrypto_tls_creds_check_authority_chain(creds, files, certs, ncerts, - cacerts, ncacerts, - cacertFile, isServer, - errp) < 0) { + isServer, errp) < 0) { goto cleanup; } =20 - if (ncerts && ncacerts && - qcrypto_tls_creds_check_cert_pair(certs, ncerts, certFile, - cacerts, ncacerts, cacertFile, + if (ncerts && + qcrypto_tls_creds_check_cert_pair(files, certs, ncerts, certFile, isServer, errp) < 0) { goto cleanup; } @@ -555,21 +565,53 @@ qcrypto_tls_creds_x509_sanity_check(QCryptoTLSCredsX5= 09 *creds, gnutls_x509_crt_deinit(certs[i]); } g_free(certs); - for (i =3D 0; i < ncacerts; i++) { - gnutls_x509_crt_deinit(cacerts[i]); - } - g_free(cacerts); =20 return ret; } =20 =20 +static int +qcrypto_tls_creds_x509_load_ca(QCryptoTLSCredsX509 *creds, + QCryptoTLSCredsBox *box, + QCryptoTLSCredsX509Files *files, + bool isServer, + Error **errp) +{ + int ret; + + if (qcrypto_tls_creds_get_path(&creds->parent_obj, + QCRYPTO_TLS_CREDS_X509_CA_CERT, + true, &files->cacertpath, errp) < 0) { + return -1; + } + + if (qcrypto_tls_creds_load_cert_list(creds, + files->cacertpath, + &files->cacerts, + &files->ncacerts, + isServer, + true, + errp) < 0) { + return -1; + } + + ret =3D gnutls_certificate_set_x509_trust(box->data.cert, + files->cacerts, files->ncacert= s); + if (ret < 0) { + error_setg(errp, "Cannot set CA certificate '%s': %s", + files->cacertpath, gnutls_strerror(ret)); + return -1; + } + + return 0; +} + static int qcrypto_tls_creds_x509_load(QCryptoTLSCredsX509 *creds, Error **errp) { g_autoptr(QCryptoTLSCredsBox) box =3D NULL; - g_autofree char *cacert =3D NULL; + g_autoptr(QCryptoTLSCredsX509Files) files =3D NULL; g_autofree char *cacrl =3D NULL; g_autofree char *cert =3D NULL; g_autofree char *key =3D NULL; @@ -598,9 +640,9 @@ qcrypto_tls_creds_x509_load(QCryptoTLSCredsX509 *creds, return -1; } =20 - if (qcrypto_tls_creds_get_path(&creds->parent_obj, - QCRYPTO_TLS_CREDS_X509_CA_CERT, - true, &cacert, errp) < 0) { + files =3D qcrypto_tls_creds_x509_files_new(); + + if (qcrypto_tls_creds_x509_load_ca(creds, box, files, isServer, errp) = < 0) { return -1; } =20 @@ -631,17 +673,8 @@ qcrypto_tls_creds_x509_load(QCryptoTLSCredsX509 *creds, } =20 if (creds->sanityCheck && - qcrypto_tls_creds_x509_sanity_check(creds, isServer, - cacert, cert, errp) < 0) { - return -1; - } - - ret =3D gnutls_certificate_set_x509_trust_file(box->data.cert, - cacert, - GNUTLS_X509_FMT_PEM); - if (ret < 0) { - error_setg(errp, "Cannot load CA certificate '%s': %s", - cacert, gnutls_strerror(ret)); + qcrypto_tls_creds_x509_sanity_check(creds, files, isServer, + cert, errp) < 0) { return -1; } =20 --=20 2.51.1 From nobody Sun Nov 16 00:54:52 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1762177550; cv=none; d=zohomail.com; s=zohoarc; b=Ij7nKEZyHzKE+NPynFvvtS3JT3ud7KbYZ9dSsXNX/nyXY582K/2QzH1tXrGsHgg0YMox7jzm42hncHMIjBmoKpBQ9lhL3G5Qf66sO8QqZGYA2tr4n3QfFWO5OO7mGQ8DxwV9MyohjHa1h2QCRXLVO36ClIZYVWsLcUDCo9KETj8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1762177550; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=0uEcHdicPbI7vauGnFTOKP2TTGoUOw1aMXmrpx625CY=; b=J1ZRG67x057Z7VMI91PZgCs4/NNUm8CiLlWTR8K9GGfF2GQT1ONGvjlRhqIBrGAJFC8lK9Pq5mtBh0AkonvBKM9otyi+fgEPViL58X+RfsVYQ9FlrX0ApHtGj5fcxuzrTIKHr6Ay+s/kDu0ao4NJ6ANyO3yYOl1mTsJwiQ3IqC4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1762177550713532.9038945520514; Mon, 3 Nov 2025 05:45:50 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vFuoL-00027l-MP; Mon, 03 Nov 2025 08:41:29 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFuoB-0001l0-Nt for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:41:20 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFuny-0004lF-FB for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:41:19 -0500 Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-678-8ntX6A_mMmK22yvwH4x_Ng-1; Mon, 03 Nov 2025 08:40:56 -0500 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 216241808998; Mon, 3 Nov 2025 13:40:54 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.202]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 62C101800451; Mon, 3 Nov 2025 13:40:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1762177259; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=0uEcHdicPbI7vauGnFTOKP2TTGoUOw1aMXmrpx625CY=; b=TfYCDtYzSsXMKBGwA4GsvU6JrRKPagPEsXBsk0rgNzVjCb+hd2vd9qxBWggScixrp27e/I q9skuWWmhqm/w/1Gpcq9MfhtoTMrHydn+mtkszF6ZkT1RDCCeiU+tlju/TIwpto1VP+sWq oJDMvves7xRzEo0Nw4idcbOg/hCiQIo= X-MC-Unique: 8ntX6A_mMmK22yvwH4x_Ng-1 X-Mimecast-MFC-AGG-ID: 8ntX6A_mMmK22yvwH4x_Ng_1762177254 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= , Fabiano Rosas , Paolo Bonzini , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , devel@lists.libvirt.org, Laurent Vivier Subject: [PULL 29/32] crypto: avoid loading the identity certs twice Date: Mon, 3 Nov 2025 13:37:23 +0000 Message-ID: <20251103133727.423041-30-berrange@redhat.com> In-Reply-To: <20251103133727.423041-1-berrange@redhat.com> References: <20251103133727.423041-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1762177561262158500 The x509 TLS credentials code will load the identity certs once to perform sanity chcking on the certs, then discard the certificate objects and let gnutls load them a second time. This extends the previous QCryptoTLSCredsX509Files struct to also hold the identity certificates & key loaded for sanity checking and pass them on to gnutls, avoiding the duplicated loading. The unit tests need updating because we now correctly diagnose the error scenario where the cert PEM file exists, without its matching key PEM file. Previously that error was mistakenly ignored. Reviewed-by: Marc-Andr=C3=A9 Lureau Signed-off-by: Daniel P. Berrang=C3=A9 --- crypto/tlscredsx509.c | 246 +++++++++++++++++--------- tests/unit/test-crypto-tlscredsx509.c | 8 +- 2 files changed, 164 insertions(+), 90 deletions(-) diff --git a/crypto/tlscredsx509.c b/crypto/tlscredsx509.c index 911942a1a1..c016633d65 100644 --- a/crypto/tlscredsx509.c +++ b/crypto/tlscredsx509.c @@ -45,6 +45,12 @@ struct QCryptoTLSCredsX509Files { char *cacertpath; gnutls_x509_crt_t *cacerts; unsigned int ncacerts; + + char *certpath; + char *keypath; + gnutls_x509_crt_t *certs; + unsigned int ncerts; + gnutls_x509_privkey_t key; }; =20 static QCryptoTLSCredsX509Files * @@ -63,6 +69,13 @@ qcrypto_tls_creds_x509_files_free(QCryptoTLSCredsX509Fil= es *files) } g_free(files->cacerts); g_free(files->cacertpath); + for (i =3D 0; i < files->ncerts; i++) { + gnutls_x509_crt_deinit(files->certs[i]); + } + gnutls_x509_privkey_deinit(files->key); + g_free(files->certs); + g_free(files->certpath); + g_free(files->keypath); g_free(files); } =20 @@ -477,14 +490,13 @@ qcrypto_tls_creds_load_cert_list(QCryptoTLSCredsX509 = *creds, const char *certFile, gnutls_x509_crt_t **certs, unsigned int *ncerts, - bool isServer, - bool isCA, Error **errp) { gnutls_datum_t data; g_autofree char *buf =3D NULL; gsize buflen; GError *gerr =3D NULL; + int ret; =20 *ncerts =3D 0; trace_qcrypto_tls_creds_x509_load_cert_list(creds, certFile); @@ -499,13 +511,60 @@ qcrypto_tls_creds_load_cert_list(QCryptoTLSCredsX509 = *creds, data.data =3D (unsigned char *)buf; data.size =3D strlen(buf); =20 - if (gnutls_x509_crt_list_import2(certs, ncerts, &data, - GNUTLS_X509_FMT_PEM, 0) < 0) { - error_setg(errp, - isCA ? "Unable to import CA certificate list %s" : - (isServer ? "Unable to import server certificate %s" : - "Unable to import client certificate %s"), - certFile); + ret =3D gnutls_x509_crt_list_import2(certs, ncerts, &data, + GNUTLS_X509_FMT_PEM, 0); + if (ret < 0) { + error_setg(errp, "Unable to import certificate %s: %s", + certFile, gnutls_strerror(ret)); + return -1; + } + + return 0; +} + + +static int +qcrypto_tls_creds_load_privkey(QCryptoTLSCredsX509 *creds, + const char *keyFile, + gnutls_x509_privkey_t *key, + Error **errp) +{ + gnutls_datum_t data; + g_autofree char *buf =3D NULL; + g_autofree char *password =3D NULL; + gsize buflen; + GError *gerr =3D NULL; + int ret; + + ret =3D gnutls_x509_privkey_init(key); + if (ret < 0) { + error_setg(errp, "Unable to initialize private key: %s", + gnutls_strerror(ret)); + return -1; + } + + if (!g_file_get_contents(keyFile, &buf, &buflen, &gerr)) { + error_setg(errp, "Cannot load private key %s: %s", + keyFile, gerr->message); + g_error_free(gerr); + return -1; + } + + data.data =3D (unsigned char *)buf; + data.size =3D strlen(buf); + + if (creds->passwordid) { + password =3D qcrypto_secret_lookup_as_utf8(creds->passwordid, + errp); + if (!password) { + return -1; + } + } + + if (gnutls_x509_privkey_import2(*key, &data, + GNUTLS_X509_FMT_PEM, + password, 0) < 0) { + error_setg(errp, "Unable to import private key %s", keyFile); return -1; } =20 @@ -517,56 +576,34 @@ static int qcrypto_tls_creds_x509_sanity_check(QCryptoTLSCredsX509 *creds, QCryptoTLSCredsX509Files *files, bool isServer, - const char *certFile, Error **errp) { - gnutls_x509_crt_t *certs =3D NULL; - unsigned int ncerts =3D 0; size_t i; - int ret =3D -1; - - if (certFile) { - if (qcrypto_tls_creds_load_cert_list(creds, - certFile, - &certs, - &ncerts, - isServer, - false, - errp) < 0) { - goto cleanup; - } - } =20 - for (i =3D 0; i < ncerts; i++) { + for (i =3D 0; i < files->ncerts; i++) { if (qcrypto_tls_creds_check_cert(creds, - certs[i], certFile, + files->certs[i], files->certpath, isServer, i !=3D 0, errp) < 0) { - goto cleanup; + return -1; } } =20 - if (ncerts && + if (files->ncerts && qcrypto_tls_creds_check_authority_chain(creds, files, - certs, ncerts, + files->certs, files->ncert= s, isServer, errp) < 0) { - goto cleanup; - } - - if (ncerts && - qcrypto_tls_creds_check_cert_pair(files, certs, ncerts, certFile, - isServer, errp) < 0) { - goto cleanup; + return -1; } =20 - ret =3D 0; - - cleanup: - for (i =3D 0; i < ncerts; i++) { - gnutls_x509_crt_deinit(certs[i]); + if (files->ncerts && + qcrypto_tls_creds_check_cert_pair(files, + files->certs, files->ncerts, + files->certpath, isServer, + errp) < 0) { + return -1; } - g_free(certs); =20 - return ret; + return 0; } =20 =20 @@ -589,8 +626,6 @@ qcrypto_tls_creds_x509_load_ca(QCryptoTLSCredsX509 *cre= ds, files->cacertpath, &files->cacerts, &files->ncacerts, - isServer, - true, errp) < 0) { return -1; } @@ -606,6 +641,79 @@ qcrypto_tls_creds_x509_load_ca(QCryptoTLSCredsX509 *cr= eds, return 0; } =20 + +static int +qcrypto_tls_creds_x509_load_identity(QCryptoTLSCredsX509 *creds, + QCryptoTLSCredsBox *box, + QCryptoTLSCredsX509Files *files, + bool isServer, + Error **errp) +{ + int ret; + + if (isServer) { + if (qcrypto_tls_creds_get_path(&creds->parent_obj, + QCRYPTO_TLS_CREDS_X509_SERVER_CERT, + true, &files->certpath, errp) < 0 || + qcrypto_tls_creds_get_path(&creds->parent_obj, + QCRYPTO_TLS_CREDS_X509_SERVER_KEY, + true, &files->keypath, errp) < 0) { + return -1; + } + } else { + if (qcrypto_tls_creds_get_path(&creds->parent_obj, + QCRYPTO_TLS_CREDS_X509_CLIENT_CERT, + false, &files->certpath, errp) < 0 = || + qcrypto_tls_creds_get_path(&creds->parent_obj, + QCRYPTO_TLS_CREDS_X509_CLIENT_KEY, + false, &files->keypath, errp) < 0) { + return -1; + } + } + + if (!files->certpath && + !files->keypath) { + return 0; + } + if (files->certpath && !files->keypath) { + error_setg(errp, "Cert '%s' without corresponding key", + files->certpath); + return -1; + } + if (!files->certpath && files->keypath) { + error_setg(errp, "Key '%s' without corresponding cert", + files->keypath); + return -1; + } + + if (qcrypto_tls_creds_load_cert_list(creds, + files->certpath, + &files->certs, + &files->ncerts, + errp) < 0) { + return -1; + } + + if (qcrypto_tls_creds_load_privkey(creds, + files->keypath, + &files->key, + errp) < 0) { + return -1; + } + + ret =3D gnutls_certificate_set_x509_key(box->data.cert, + files->certs, + files->ncerts, + files->key); + if (ret < 0) { + error_setg(errp, "Cannot set certificate '%s' & key '%s': %s", + files->certpath, files->keypath, gnutls_strerror(ret)); + return -1; + } + return 0; +} + + static int qcrypto_tls_creds_x509_load(QCryptoTLSCredsX509 *creds, Error **errp) @@ -613,8 +721,6 @@ qcrypto_tls_creds_x509_load(QCryptoTLSCredsX509 *creds, g_autoptr(QCryptoTLSCredsBox) box =3D NULL; g_autoptr(QCryptoTLSCredsX509Files) files =3D NULL; g_autofree char *cacrl =3D NULL; - g_autofree char *cert =3D NULL; - g_autofree char *key =3D NULL; g_autofree char *dhparams =3D NULL; bool isServer =3D (creds->parent_obj.endpoint =3D=3D QCRYPTO_TLS_CREDS_ENDPOINT_SERVER); @@ -646,59 +752,27 @@ qcrypto_tls_creds_x509_load(QCryptoTLSCredsX509 *cred= s, return -1; } =20 + if (qcrypto_tls_creds_x509_load_identity(creds, box, files, + isServer, errp) < 0) { + return -1; + } + if (isServer) { if (qcrypto_tls_creds_get_path(&creds->parent_obj, QCRYPTO_TLS_CREDS_X509_CA_CRL, false, &cacrl, errp) < 0 || - qcrypto_tls_creds_get_path(&creds->parent_obj, - QCRYPTO_TLS_CREDS_X509_SERVER_CERT, - true, &cert, errp) < 0 || - qcrypto_tls_creds_get_path(&creds->parent_obj, - QCRYPTO_TLS_CREDS_X509_SERVER_KEY, - true, &key, errp) < 0 || qcrypto_tls_creds_get_path(&creds->parent_obj, QCRYPTO_TLS_CREDS_DH_PARAMS, false, &dhparams, errp) < 0) { return -1; } - } else { - if (qcrypto_tls_creds_get_path(&creds->parent_obj, - QCRYPTO_TLS_CREDS_X509_CLIENT_CERT, - false, &cert, errp) < 0 || - qcrypto_tls_creds_get_path(&creds->parent_obj, - QCRYPTO_TLS_CREDS_X509_CLIENT_KEY, - false, &key, errp) < 0) { - return -1; - } } =20 if (creds->sanityCheck && - qcrypto_tls_creds_x509_sanity_check(creds, files, isServer, - cert, errp) < 0) { + qcrypto_tls_creds_x509_sanity_check(creds, files, isServer, errp) = < 0) { return -1; } =20 - if (cert !=3D NULL && key !=3D NULL) { - g_autofree char *password =3D NULL; - if (creds->passwordid) { - password =3D qcrypto_secret_lookup_as_utf8(creds->passwordid, - errp); - if (!password) { - return -1; - } - } - ret =3D gnutls_certificate_set_x509_key_file2(box->data.cert, - cert, key, - GNUTLS_X509_FMT_PEM, - password, - 0); - if (ret < 0) { - error_setg(errp, "Cannot load certificate '%s' & key '%s': %s", - cert, key, gnutls_strerror(ret)); - return -1; - } - } - if (cacrl !=3D NULL) { ret =3D gnutls_certificate_set_x509_crl_file(box->data.cert, cacrl, diff --git a/tests/unit/test-crypto-tlscredsx509.c b/tests/unit/test-crypto= -tlscredsx509.c index a5f21728d4..b1ad7d5c0d 100644 --- a/tests/unit/test-crypto-tlscredsx509.c +++ b/tests/unit/test-crypto-tlscredsx509.c @@ -95,16 +95,16 @@ static void test_tls_creds(const void *opaque) if (access(data->crt, R_OK) =3D=3D 0) { g_assert(link(data->crt, CERT_DIR QCRYPTO_TLS_CREDS_X509_SERVER_CERT) =3D= =3D 0); + g_assert(link(KEYFILE, + CERT_DIR QCRYPTO_TLS_CREDS_X509_SERVER_KEY) =3D= =3D 0); } - g_assert(link(KEYFILE, - CERT_DIR QCRYPTO_TLS_CREDS_X509_SERVER_KEY) =3D=3D 0= ); } else { if (access(data->crt, R_OK) =3D=3D 0) { g_assert(link(data->crt, CERT_DIR QCRYPTO_TLS_CREDS_X509_CLIENT_CERT) =3D= =3D 0); + g_assert(link(KEYFILE, + CERT_DIR QCRYPTO_TLS_CREDS_X509_CLIENT_KEY) =3D= =3D 0); } - g_assert(link(KEYFILE, - CERT_DIR QCRYPTO_TLS_CREDS_X509_CLIENT_KEY) =3D=3D 0= ); } =20 creds =3D test_tls_creds_create( --=20 2.51.1 From nobody Sun Nov 16 00:54:52 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1762177401; cv=none; d=zohomail.com; s=zohoarc; b=Jj+LB2HexsI4ghgHLRJTwMcyrLXc+SgxwB7GXhLMfh0NaQCzz306ziB2gn160dbKKRBjm63xMxelt97C+Riv45SMRwVRBq/UykRE1qumsqCxfJG8ZpTYY+pH9+sF+k0PK5XOA3DBftZ0mPWFazbqaD3vHQiFpfxcdo+lhhKVLhc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1762177401; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=+4yftrUZg3uTbuzR4wx/X192jBUfkk4YqQFxscmreWM=; b=PIGlNNC3SLB5YGReLZjezvCgsivK480TGNujDpIAEO+A8HOWgXqfzSPvfsxG/WCywv+QJoiVOk5fqK1Qy4J1BosGqdXTMA6NQjSmv/ghDQlRPAZuPQ3YkWRLdnPE3WN1Tiy8dyOOig/FeZFmEvdTxRKiMTrXJOJv6PjFzQu/7TA= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 176217740186347.56741328385999; Mon, 3 Nov 2025 05:43:21 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vFuoG-0001yW-4x; Mon, 03 Nov 2025 08:41:24 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFuoA-0001jC-6m for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:41:21 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFuo0-0004ll-38 for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:41:17 -0500 Received: from mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-684-1-ARyqrvOja48pQXFC7CfQ-1; Mon, 03 Nov 2025 08:41:01 -0500 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id B3C6D1955F2E; Mon, 3 Nov 2025 13:41:00 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.202]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 52CEB1800578; Mon, 3 Nov 2025 13:40:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1762177265; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=+4yftrUZg3uTbuzR4wx/X192jBUfkk4YqQFxscmreWM=; b=VLho1ssoA7fHAdP/yMkBZ3/UVSisHRIFvpOcWlU03/AlLKNszvaItI3i6YWfIUWjYEq/mZ rpFQZl3E+k8/9YlvKTPzJDAOUDZtGez2RwURZ+rIgPGoOdX3m+CIX4Hut6zxmfMv7rTxhg s2E1vP7MqnZ0Ta7IPfiq9VXD73wY+mQ= X-MC-Unique: 1-ARyqrvOja48pQXFC7CfQ-1 X-Mimecast-MFC-AGG-ID: 1-ARyqrvOja48pQXFC7CfQ_1762177260 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= , Fabiano Rosas , Paolo Bonzini , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , devel@lists.libvirt.org, Laurent Vivier Subject: [PULL 30/32] crypto: expand logic to cope with multiple certificate identities Date: Mon, 3 Nov 2025 13:37:24 +0000 Message-ID: <20251103133727.423041-31-berrange@redhat.com> In-Reply-To: <20251103133727.423041-1-berrange@redhat.com> References: <20251103133727.423041-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1762177408207158500 Currently only a single set of certificates can be loaded for a server / client. Certificates are created using a particular key algorithm and in some scenarios it can be useful to support multiple algorithms in parallel. This requires the ability to load multiple sets of certificates. Reviewed-by: Marc-Andr=C3=A9 Lureau Signed-off-by: Daniel P. Berrang=C3=A9 --- crypto/tlscredsx509.c | 165 +++++++++++++++++++++++++++++------------- 1 file changed, 113 insertions(+), 52 deletions(-) diff --git a/crypto/tlscredsx509.c b/crypto/tlscredsx509.c index c016633d65..ecffde67c5 100644 --- a/crypto/tlscredsx509.c +++ b/crypto/tlscredsx509.c @@ -40,17 +40,23 @@ struct QCryptoTLSCredsX509 { #include =20 =20 +typedef struct QCryptoTLSCredsX509IdentFiles QCryptoTLSCredsX509IdentFiles; +struct QCryptoTLSCredsX509IdentFiles { + char *certpath; + char *keypath; + gnutls_x509_crt_t *certs; + unsigned int ncerts; + gnutls_x509_privkey_t key; +}; + typedef struct QCryptoTLSCredsX509Files QCryptoTLSCredsX509Files; struct QCryptoTLSCredsX509Files { char *cacertpath; gnutls_x509_crt_t *cacerts; unsigned int ncacerts; =20 - char *certpath; - char *keypath; - gnutls_x509_crt_t *certs; - unsigned int ncerts; - gnutls_x509_privkey_t key; + QCryptoTLSCredsX509IdentFiles **identities; + size_t nidentities; }; =20 static QCryptoTLSCredsX509Files * @@ -61,14 +67,9 @@ qcrypto_tls_creds_x509_files_new(void) =20 =20 static void -qcrypto_tls_creds_x509_files_free(QCryptoTLSCredsX509Files *files) +qcrypto_tls_creds_x509_ident_files_free(QCryptoTLSCredsX509IdentFiles *fil= es) { size_t i; - for (i =3D 0; i < files->ncacerts; i++) { - gnutls_x509_crt_deinit(files->cacerts[i]); - } - g_free(files->cacerts); - g_free(files->cacertpath); for (i =3D 0; i < files->ncerts; i++) { gnutls_x509_crt_deinit(files->certs[i]); } @@ -79,6 +80,26 @@ qcrypto_tls_creds_x509_files_free(QCryptoTLSCredsX509Fil= es *files) g_free(files); } =20 +G_DEFINE_AUTOPTR_CLEANUP_FUNC(QCryptoTLSCredsX509IdentFiles, + qcrypto_tls_creds_x509_ident_files_free); + + +static void +qcrypto_tls_creds_x509_files_free(QCryptoTLSCredsX509Files *files) +{ + size_t i; + for (i =3D 0; i < files->ncacerts; i++) { + gnutls_x509_crt_deinit(files->cacerts[i]); + } + g_free(files->cacerts); + g_free(files->cacertpath); + for (i =3D 0; i < files->nidentities; i++) { + qcrypto_tls_creds_x509_ident_files_free(files->identities[i]); + } + g_free(files->identities); + g_free(files); +} + G_DEFINE_AUTOPTR_CLEANUP_FUNC(QCryptoTLSCredsX509Files, qcrypto_tls_creds_x509_files_free); =20 @@ -573,33 +594,32 @@ qcrypto_tls_creds_load_privkey(QCryptoTLSCredsX509 *c= reds, =20 =20 static int -qcrypto_tls_creds_x509_sanity_check(QCryptoTLSCredsX509 *creds, - QCryptoTLSCredsX509Files *files, - bool isServer, - Error **errp) +qcrypto_tls_creds_x509_sanity_check_identity(QCryptoTLSCredsX509 *creds, + QCryptoTLSCredsX509Files *fil= es, + QCryptoTLSCredsX509IdentFiles= *ifiles, + bool isServer, + Error **errp) { size_t i; =20 - for (i =3D 0; i < files->ncerts; i++) { + for (i =3D 0; i < ifiles->ncerts; i++) { if (qcrypto_tls_creds_check_cert(creds, - files->certs[i], files->certpath, + ifiles->certs[i], ifiles->certpat= h, isServer, i !=3D 0, errp) < 0) { return -1; } } =20 - if (files->ncerts && + if (ifiles->ncerts && qcrypto_tls_creds_check_authority_chain(creds, files, - files->certs, files->ncert= s, + ifiles->certs, ifiles->nce= rts, isServer, errp) < 0) { return -1; } =20 - if (files->ncerts && - qcrypto_tls_creds_check_cert_pair(files, - files->certs, files->ncerts, - files->certpath, isServer, - errp) < 0) { + if (ifiles->ncerts && + qcrypto_tls_creds_check_cert_pair(files, ifiles->certs, ifiles->nc= erts, + ifiles->certpath, isServer, errp= ) < 0) { return -1; } =20 @@ -607,6 +627,26 @@ qcrypto_tls_creds_x509_sanity_check(QCryptoTLSCredsX50= 9 *creds, } =20 =20 +static int +qcrypto_tls_creds_x509_sanity_check(QCryptoTLSCredsX509 *creds, + QCryptoTLSCredsX509Files *files, + bool isServer, + Error **errp) +{ + size_t i; + for (i =3D 0; i < files->nidentities; i++) { + if (qcrypto_tls_creds_x509_sanity_check_identity(creds, + files, + files->identities= [i], + isServer, + errp) < 0) { + return -1; + } + } + return 0; +} + + static int qcrypto_tls_creds_x509_load_ca(QCryptoTLSCredsX509 *creds, QCryptoTLSCredsBox *box, @@ -642,48 +682,38 @@ qcrypto_tls_creds_x509_load_ca(QCryptoTLSCredsX509 *c= reds, } =20 =20 -static int +static QCryptoTLSCredsX509IdentFiles * qcrypto_tls_creds_x509_load_identity(QCryptoTLSCredsX509 *creds, QCryptoTLSCredsBox *box, - QCryptoTLSCredsX509Files *files, - bool isServer, + const char *certbase, + const char *keybase, + bool isOptional, Error **errp) { + g_autoptr(QCryptoTLSCredsX509IdentFiles) files =3D + g_new0(QCryptoTLSCredsX509IdentFiles, 1); int ret; =20 - if (isServer) { - if (qcrypto_tls_creds_get_path(&creds->parent_obj, - QCRYPTO_TLS_CREDS_X509_SERVER_CERT, - true, &files->certpath, errp) < 0 || - qcrypto_tls_creds_get_path(&creds->parent_obj, - QCRYPTO_TLS_CREDS_X509_SERVER_KEY, - true, &files->keypath, errp) < 0) { - return -1; - } - } else { - if (qcrypto_tls_creds_get_path(&creds->parent_obj, - QCRYPTO_TLS_CREDS_X509_CLIENT_CERT, - false, &files->certpath, errp) < 0 = || - qcrypto_tls_creds_get_path(&creds->parent_obj, - QCRYPTO_TLS_CREDS_X509_CLIENT_KEY, - false, &files->keypath, errp) < 0) { - return -1; - } + if (qcrypto_tls_creds_get_path(&creds->parent_obj, certbase, + !isOptional, &files->certpath, errp) < = 0 || + qcrypto_tls_creds_get_path(&creds->parent_obj, keybase, + !isOptional, &files->keypath, errp) < 0= ) { + return NULL; } =20 if (!files->certpath && !files->keypath) { - return 0; + return NULL; } if (files->certpath && !files->keypath) { error_setg(errp, "Cert '%s' without corresponding key", files->certpath); - return -1; + return NULL; } if (!files->certpath && files->keypath) { error_setg(errp, "Key '%s' without corresponding cert", files->keypath); - return -1; + return NULL; } =20 if (qcrypto_tls_creds_load_cert_list(creds, @@ -691,14 +721,14 @@ qcrypto_tls_creds_x509_load_identity(QCryptoTLSCredsX= 509 *creds, &files->certs, &files->ncerts, errp) < 0) { - return -1; + return NULL; } =20 if (qcrypto_tls_creds_load_privkey(creds, files->keypath, &files->key, errp) < 0) { - return -1; + return NULL; } =20 ret =3D gnutls_certificate_set_x509_key(box->data.cert, @@ -708,8 +738,39 @@ qcrypto_tls_creds_x509_load_identity(QCryptoTLSCredsX5= 09 *creds, if (ret < 0) { error_setg(errp, "Cannot set certificate '%s' & key '%s': %s", files->certpath, files->keypath, gnutls_strerror(ret)); + return NULL; + } + return g_steal_pointer(&files); +} + + +static int +qcrypto_tls_creds_x509_load_identities(QCryptoTLSCredsX509 *creds, + QCryptoTLSCredsBox *box, + QCryptoTLSCredsX509Files *files, + bool isServer, + Error **errp) +{ + QCryptoTLSCredsX509IdentFiles *ifiles; + + ifiles =3D qcrypto_tls_creds_x509_load_identity( + creds, box, + isServer ? + QCRYPTO_TLS_CREDS_X509_SERVER_CERT : + QCRYPTO_TLS_CREDS_X509_CLIENT_CERT, + isServer ? + QCRYPTO_TLS_CREDS_X509_SERVER_KEY : + QCRYPTO_TLS_CREDS_X509_CLIENT_KEY, + !isServer, errp); + if (!ifiles) { return -1; } + + files->identities =3D g_renew(QCryptoTLSCredsX509IdentFiles *, + files->identities, + files->nidentities + 1); + files->identities[files->nidentities++] =3D ifiles; + return 0; } =20 @@ -752,8 +813,8 @@ qcrypto_tls_creds_x509_load(QCryptoTLSCredsX509 *creds, return -1; } =20 - if (qcrypto_tls_creds_x509_load_identity(creds, box, files, - isServer, errp) < 0) { + if (qcrypto_tls_creds_x509_load_identities(creds, box, files, + isServer, errp) < 0) { return -1; } =20 --=20 2.51.1 From nobody Sun Nov 16 00:54:52 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1762177507; cv=none; d=zohomail.com; s=zohoarc; b=Qd7oz4VQtIhu63Z3gsYagxB24itLzZMu+cbpGQxrFXBxitulCVVOUiFvJGU06dHXXtVLWlh0YY1RUtBgDHS0WxbiWm1iyVrxJG1UOFCPUmBtgSfVsg7c6VpImboe4/cVdXZOs2qziPApl0YNYFZ2sVS2aSQY9J8P1ecG1ncGM18= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1762177507; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=KjpATX8pKa9UpkzArhztImu4+CXYoUYzf2RH3iFU9SA=; b=T0zgauFsDvB1mc3r1eL1sdn76D373NzVruxXMDX2Xf+PNO+nRK6/nQDnVhUtuZKh3r+JP6rJAvb6Oe4GbI46XOlaJRU/IvJmIoB5g6wZcGHS4SJ3Jburwyk5Qt3eukTxkT0040XjwTnCSeZcZqzWfCAAA9UehYtS+JoU/XSvEWI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1762177507939108.62211047987012; Mon, 3 Nov 2025 05:45:07 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vFuoN-0002Lu-Ex; Mon, 03 Nov 2025 08:41:31 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFuoM-0002Is-3B for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:41:30 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFuoA-0004m6-RZ for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:41:29 -0500 Received: from mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-83-hNI8-UTVMAyhr_98eUmL_w-1; Mon, 03 Nov 2025 08:41:08 -0500 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id DC0BB1955DCE; Mon, 3 Nov 2025 13:41:07 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.202]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 857FE1800576; Mon, 3 Nov 2025 13:41:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1762177272; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=KjpATX8pKa9UpkzArhztImu4+CXYoUYzf2RH3iFU9SA=; b=G8VkRsHK37GVNoEQT2HOsJ14sPoe25fHfMessOjsMLJSHRUXXE0ezHXGHcTKqsTulJB7fK o7UDK9Y946u1yMp5X2NzTZGmn+h1sFHT7UPh1xTAoNzJ6GUuStK91S3sjkwHJxPuzHfCtY T81Ltv4aMaB8FmrIlKO3HiRF+VAr7Qc= X-MC-Unique: hNI8-UTVMAyhr_98eUmL_w-1 X-Mimecast-MFC-AGG-ID: hNI8-UTVMAyhr_98eUmL_w_1762177268 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= , Fabiano Rosas , Paolo Bonzini , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , devel@lists.libvirt.org, Laurent Vivier Subject: [PULL 31/32] crypto: support upto 5 parallel certificate identities Date: Mon, 3 Nov 2025 13:37:25 +0000 Message-ID: <20251103133727.423041-32-berrange@redhat.com> In-Reply-To: <20251103133727.423041-1-berrange@redhat.com> References: <20251103133727.423041-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_PASS=-0.001, T_SPF_TEMPERROR=0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1762177510987154100 The default (required) identity is stored in server-cert.pem / client-cert.pem and server-key.pem / client-key.pem. The 4 extra (optional) identities are stored in server-cert-$N.pem / client-cert-$N.pem and server-key-$N.pem / client-key-$N.pem. The numbering starts at 0 and the first missing cert/key pair will terminate the loading process. Reviewed-by: Marc-Andr=C3=A9 Lureau Signed-off-by: Daniel P. Berrang=C3=A9 --- crypto/tlscreds.c | 10 +++++- crypto/tlscredspriv.h | 3 ++ crypto/tlscredsx509.c | 68 ++++++++++++++++++++++++++++------- crypto/tlssession.c | 1 + crypto/trace-events | 1 + docs/system/tls.rst | 54 ++++++++++++++++++++++++++-- include/crypto/tlscredsx509.h | 6 ++++ 7 files changed, 127 insertions(+), 16 deletions(-) diff --git a/crypto/tlscreds.c b/crypto/tlscreds.c index 3d25efe425..fb09e295a6 100644 --- a/crypto/tlscreds.c +++ b/crypto/tlscreds.c @@ -85,6 +85,14 @@ qcrypto_tls_creds_get_dh_params_file(QCryptoTLSCreds *cr= eds, } =20 =20 +char * +qcrypto_tls_creds_build_path(QCryptoTLSCreds *creds, + const char *filename) +{ + return g_strdup_printf("%s/%s", creds->dir, filename); +} + + int qcrypto_tls_creds_get_path(QCryptoTLSCreds *creds, const char *filename, @@ -94,7 +102,7 @@ qcrypto_tls_creds_get_path(QCryptoTLSCreds *creds, { int ret =3D -1; =20 - *cred =3D g_strdup_printf("%s/%s", creds->dir, filename); + *cred =3D qcrypto_tls_creds_build_path(creds, filename); =20 if (access(*cred, R_OK) < 0) { if (errno =3D=3D ENOENT && !required) { diff --git a/crypto/tlscredspriv.h b/crypto/tlscredspriv.h index 69dac02437..8f2d096c7f 100644 --- a/crypto/tlscredspriv.h +++ b/crypto/tlscredspriv.h @@ -39,6 +39,9 @@ struct QCryptoTLSCreds { =20 #ifdef CONFIG_GNUTLS =20 +char *qcrypto_tls_creds_build_path(QCryptoTLSCreds *creds, + const char *filename); + int qcrypto_tls_creds_get_path(QCryptoTLSCreds *creds, const char *filename, bool required, diff --git a/crypto/tlscredsx509.c b/crypto/tlscredsx509.c index ecffde67c5..b8d0cd2f18 100644 --- a/crypto/tlscredsx509.c +++ b/crypto/tlscredsx509.c @@ -687,7 +687,6 @@ qcrypto_tls_creds_x509_load_identity(QCryptoTLSCredsX50= 9 *creds, QCryptoTLSCredsBox *box, const char *certbase, const char *keybase, - bool isOptional, Error **errp) { g_autoptr(QCryptoTLSCredsX509IdentFiles) files =3D @@ -695,9 +694,9 @@ qcrypto_tls_creds_x509_load_identity(QCryptoTLSCredsX50= 9 *creds, int ret; =20 if (qcrypto_tls_creds_get_path(&creds->parent_obj, certbase, - !isOptional, &files->certpath, errp) < = 0 || + false, &files->certpath, errp) < 0 || qcrypto_tls_creds_get_path(&creds->parent_obj, keybase, - !isOptional, &files->keypath, errp) < 0= ) { + false, &files->keypath, errp) < 0) { return NULL; } =20 @@ -706,13 +705,17 @@ qcrypto_tls_creds_x509_load_identity(QCryptoTLSCredsX= 509 *creds, return NULL; } if (files->certpath && !files->keypath) { - error_setg(errp, "Cert '%s' without corresponding key", - files->certpath); + g_autofree char *keypath =3D + qcrypto_tls_creds_build_path(&creds->parent_obj, keybase); + error_setg(errp, "Cert '%s' without corresponding key '%s'", + files->certpath, keypath); return NULL; } if (!files->certpath && files->keypath) { - error_setg(errp, "Key '%s' without corresponding cert", - files->keypath); + g_autofree char *certpath =3D + qcrypto_tls_creds_build_path(&creds->parent_obj, certbase); + error_setg(errp, "Key '%s' without corresponding cert '%s'", + files->keypath, certpath); return NULL; } =20 @@ -751,7 +754,9 @@ qcrypto_tls_creds_x509_load_identities(QCryptoTLSCredsX= 509 *creds, bool isServer, Error **errp) { + ERRP_GUARD(); QCryptoTLSCredsX509IdentFiles *ifiles; + size_t i; =20 ifiles =3D qcrypto_tls_creds_x509_load_identity( creds, box, @@ -761,15 +766,52 @@ qcrypto_tls_creds_x509_load_identities(QCryptoTLSCred= sX509 *creds, isServer ? QCRYPTO_TLS_CREDS_X509_SERVER_KEY : QCRYPTO_TLS_CREDS_X509_CLIENT_KEY, - !isServer, errp); - if (!ifiles) { + errp); + if (!ifiles && *errp) { return -1; } =20 - files->identities =3D g_renew(QCryptoTLSCredsX509IdentFiles *, - files->identities, - files->nidentities + 1); - files->identities[files->nidentities++] =3D ifiles; + if (ifiles) { + files->identities =3D g_renew(QCryptoTLSCredsX509IdentFiles *, + files->identities, + files->nidentities + 1); + files->identities[files->nidentities++] =3D ifiles; + } + + for (i =3D 0; i < QCRYPTO_TLS_CREDS_X509_IDENTITY_MAX; i++) { + g_autofree char *cert =3D g_strdup_printf( + isServer ? + QCRYPTO_TLS_CREDS_X509_SERVER_CERT_N : + QCRYPTO_TLS_CREDS_X509_CLIENT_CERT_N, i); + g_autofree char *key =3D g_strdup_printf( + isServer ? + QCRYPTO_TLS_CREDS_X509_SERVER_KEY_N : + QCRYPTO_TLS_CREDS_X509_CLIENT_KEY_N, i); + + ifiles =3D qcrypto_tls_creds_x509_load_identity(creds, box, + cert, key, errp); + if (!ifiles && *errp) { + return -1; + } + if (!ifiles) { + break; + } + + files->identities =3D g_renew(QCryptoTLSCredsX509IdentFiles *, + files->identities, + files->nidentities + 1); + files->identities[files->nidentities++] =3D ifiles; + } + + if (files->nidentities =3D=3D 0 && isServer) { + g_autofree char *certpath =3D qcrypto_tls_creds_build_path( + &creds->parent_obj, QCRYPTO_TLS_CREDS_X509_SERVER_CERT); + g_autofree char *keypath =3D qcrypto_tls_creds_build_path( + &creds->parent_obj, QCRYPTO_TLS_CREDS_X509_SERVER_KEY); + error_setg(errp, "Missing server cert '%s' & key '%s'", + certpath, keypath); + return -1; + } =20 return 0; } diff --git a/crypto/tlssession.c b/crypto/tlssession.c index a1dc3b3ce0..314e3e96ba 100644 --- a/crypto/tlssession.c +++ b/crypto/tlssession.c @@ -345,6 +345,7 @@ qcrypto_tls_session_check_certificate(QCryptoTLSSession= *session, goto error; } session->peername =3D (char *)g_steal_pointer(&dname.data); + trace_qcrypto_tls_session_check_x509_dn(session, session->peer= name); if (session->authzid) { bool allow; =20 diff --git a/crypto/trace-events b/crypto/trace-events index d0e33427fa..771f9b8a6e 100644 --- a/crypto/trace-events +++ b/crypto/trace-events @@ -21,6 +21,7 @@ qcrypto_tls_creds_x509_load_cert_list(void *creds, const = char *file) "TLS creds # tlssession.c qcrypto_tls_session_new(void *session, void *creds, const char *hostname, = const char *authzid, int endpoint) "TLS session new session=3D%p creds=3D%p= hostname=3D%s authzid=3D%s endpoint=3D%d" qcrypto_tls_session_check_creds(void *session, const char *status) "TLS se= ssion check creds session=3D%p status=3D%s" +qcrypto_tls_session_check_x509_dn(void *session, const char *dname) "TLS s= ession check x509 distinguished name session=3D%p dname=3D%s" qcrypto_tls_session_parameters(void *session, int threadSafety, int protoc= ol, int cipher) "TLS session parameters session=3D%p threadSafety=3D%d prot= ocol=3D%d cipher=3D%d" qcrypto_tls_session_bug1717_workaround(void *session) "TLS session bug1717= workaround session=3D%p" =20 diff --git a/docs/system/tls.rst b/docs/system/tls.rst index 44c4bf04e9..7cec4ac3df 100644 --- a/docs/system/tls.rst +++ b/docs/system/tls.rst @@ -36,8 +36,58 @@ server and exposing it directly to remote browser client= s. In such a case it might be useful to use a commercial CA to avoid needing to install custom CA certs in the web browsers. =20 -The recommendation is for the server to keep its certificates in either -``/etc/pki/qemu`` or for unprivileged users in ``$HOME/.pki/qemu``. +.. _tls_cert_file_naming: + +Certificate file naming +~~~~~~~~~~~~~~~~~~~~~~~ + +In a simple setup, where all QEMU instances on a machine share the +same TLS configuration, it is suggested that QEMU certificates be +kept in either ``/etc/pki/qemu`` or, for unprivileged users, in +``$HOME/.pki/qemu``. Where different QEMU subsystems require +different certificate configurations, sub-dirs of these locations +may be chosen. + +The default file names that QEMU will traditionally load are: + +* ``ca-cert.pem`` - mandatory; for both client and server configurations +* ``ca-crl.pem`` - optional; for server configurations only +* ``server-cert.pem`` - mandatory; for server configurations only +* ``server-key.pem`` - mandatory; for server configurations only +* ``client-cert.pem`` - optional; for client configurations only +* ``client-key.pem`` - optional; for client configurations only +* ``dh-params.pem`` - optional; for server configurations only + +Since QEMU 10.2.0, there is support for loading upto four additional +identities: + +* ``server-cert-[IDX].pem`` - optional; for server configurations only +* ``server-key-[IDX].pem`` - optional; for server configurations only +* ``client-cert-[IDX].pem`` - optional; for client configurations only +* ``client-key-[IDX].pem`` - optional; for client configurations only + +where ``-[IDX]`` is one of the digits 0-3. Loading will terminate at +the first absent index. The index based certificate files may be used +as a replacement for, or in addition to, the traditional non-index +based certificate files. The traditional certificate files will be +loaded first, if present, then the index based certificates. Where +multiple certificates are compatible with a TLS session, the first +loaded certificate will preferred. IOW file naming can influence +which certificates are used for a session. + +The use of multiple sets of certificates is intended to allow an +incremental transition to certificates using different crytographic +algorithms. This allows a newly deployed QEMU to introduce use of +stronger cryptographic algorithms that will be preferred when talking +to other newly deployed QEMU instances, while retaining compatbility +with certificates issued to a historically deployed QEMU. This is +notably useful to support live migration from an old QEMU deployed +on older operating system releases, which may support fewer crypto +algorithm choices than the current OS. + +The certificate creation commands below will be illustrated using +the traditional naming scheme, but their args can be substituted +to use the indexed naming in the obvious manner. =20 .. _tls_005fgenerate_005fca: =20 diff --git a/include/crypto/tlscredsx509.h b/include/crypto/tlscredsx509.h index c4daba21a6..61b7f73573 100644 --- a/include/crypto/tlscredsx509.h +++ b/include/crypto/tlscredsx509.h @@ -37,7 +37,13 @@ typedef struct QCryptoTLSCredsX509Class QCryptoTLSCredsX= 509Class; #define QCRYPTO_TLS_CREDS_X509_SERVER_CERT "server-cert.pem" #define QCRYPTO_TLS_CREDS_X509_CLIENT_KEY "client-key.pem" #define QCRYPTO_TLS_CREDS_X509_CLIENT_CERT "client-cert.pem" +#define QCRYPTO_TLS_CREDS_X509_SERVER_KEY_N "server-key-%zu.pem" +#define QCRYPTO_TLS_CREDS_X509_SERVER_CERT_N "server-cert-%zu.pem" +#define QCRYPTO_TLS_CREDS_X509_CLIENT_KEY_N "client-key-%zu.pem" +#define QCRYPTO_TLS_CREDS_X509_CLIENT_CERT_N "client-cert-%zu.pem" =20 +/* Max number of additional cert/key pairs (ie _N constants) */ +#define QCRYPTO_TLS_CREDS_X509_IDENTITY_MAX 4 =20 /** * QCryptoTLSCredsX509: --=20 2.51.1 From nobody Sun Nov 16 00:54:52 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1762177500; cv=none; d=zohomail.com; s=zohoarc; b=aMDsxrERtzLSeGKAT9/9F+PuyCs5ct04C2YPNbRmV811A37kuiyVGxtXN3Kgk4q0OFUzIkhbTmQHbvHNrZuA37y5zhFPrgc6z+tN8fpCQIwgdna3WFw7MBcAsPvTvPXo4e1GC1900RIMhEsvTZcl+39Cg5aRMedMepU9N8H39Ik= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1762177500; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=kMOnFs37bd9OkUmQnLjQkOBLu2AvkT/NHTBzwDCM7sA=; b=U7x50mzxIHJV9FzQM+tm6RZZBXCh9xm2BTAtgkCsDms+Yvr7Z8zSJc6YPNf/itsZoj8LCVpinhq/5siGjTwYuuDzEa2MoDGwsEWXQcwAveCxyFUR01XEYF+0XFWZrM2xPGlDyEgnV0Vu3DnsrD9xpl+d5FaTnrcReMgqjSzOG9s= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1762177500778411.6387001674585; Mon, 3 Nov 2025 05:45:00 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vFuoS-0002d5-Vy; Mon, 03 Nov 2025 08:41:38 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFuoN-0002Lv-2J for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:41:31 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vFuoE-0004mK-L1 for qemu-devel@nongnu.org; Mon, 03 Nov 2025 08:41:30 -0500 Received: from mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-370-SGQMprmjNru8xsnniRRXHg-1; Mon, 03 Nov 2025 08:41:14 -0500 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 2CDF01955F04; Mon, 3 Nov 2025 13:41:13 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.202]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id CD09C1800576; Mon, 3 Nov 2025 13:41:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1762177277; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=kMOnFs37bd9OkUmQnLjQkOBLu2AvkT/NHTBzwDCM7sA=; b=hVyBcHiKnD5VXauN62ImPVqLYXYICmZoQ0KlvKuOXT+nDMCucJhBkZPgR9LYzqAA6khdIS oaNGPvX+gz69s+4JyR7AZBS5F1ojLN2vMWODynhD572kgPp/gO+eUMlpre3/xbm5LG8p82 lMidbGiED1BG7qys5E+Pddzy8YtXzfc= X-MC-Unique: SGQMprmjNru8xsnniRRXHg-1 X-Mimecast-MFC-AGG-ID: SGQMprmjNru8xsnniRRXHg_1762177273 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= , Fabiano Rosas , Paolo Bonzini , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , devel@lists.libvirt.org, Laurent Vivier Subject: [PULL 32/32] docs: creation of x509 certs compliant with post-quantum crypto Date: Mon, 3 Nov 2025 13:37:26 +0000 Message-ID: <20251103133727.423041-33-berrange@redhat.com> In-Reply-To: <20251103133727.423041-1-berrange@redhat.com> References: <20251103133727.423041-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_PASS=-0.001, T_SPF_TEMPERROR=0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1762177504802158500 Explain how to alter the certtool commands for creating certficates, so that they can use algorithms that are compliant with post-quantum crytography standards. Reviewed-by: Marc-Andr=C3=A9 Lureau Signed-off-by: Daniel P. Berrang=C3=A9 --- docs/system/tls.rst | 68 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) diff --git a/docs/system/tls.rst b/docs/system/tls.rst index 7cec4ac3df..03fa1d8166 100644 --- a/docs/system/tls.rst +++ b/docs/system/tls.rst @@ -345,6 +345,74 @@ example with VNC: =20 .. _tls_005fpsk: =20 +TLS certificates for Post-Quantum Cryptography +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Given a new enough gnutls release, suitably integrated & configured with t= he +operating system crypto policies, QEMU is able to support post-quantum +crytography on TLS enabled services, either exclusively or in a hybrid mod= e. + +In exclusive mode, only a single set of certificates need to be configured +for QEMU, with PQC compliant algorithms. Such a QEMU configuration will on= ly +be able to interoperate with other services (including other QEMU's) that +also have PQC enabled. This can result in compatibility concerns during the +period of transition over to PQC compliant algorithms. + +In hybrid mode, multiple sets of certificates need to be configured for QE= MU, +at least one set with traditional (non-PQC compliant) algorithms, and at l= east +one other set with modern (PQC compliant) algorithms. At time of the TLS +handshake, the GNUTLS algorithm priorities should ensure that PQC compliant +algorithms are negotiated if both sides of the connection support PQC. If = one +side lacks PQC, the TLS handshake should fallback to the non-PQC algorithm= s. +This can assist with interoperability during the transition to PQC, but ha= s a +potential weakness wrt downgrade attacks forcing use of non-PQC algorithms. +Exclusive PQC mode should be preferred where both peers in the TLS connect= ions +are known to support PQC. + +Key generation parameters +^^^^^^^^^^^^^^^^^^^^^^^^^ + +To create certificates with PQC compliant algorithms, the ``--key-type`` +argument must be passed to ``certtool`` when creating private keys. No +extra arguments are required for the other ``certtool`` commands, as +their behaviour will be determined by the private key type. + +The typical PQC compliant algorithms to use are ``ML-DSA-44``, ``ML-DSA-65= `` +and ``ML-DSA-87``, with ``ML-DSA-65`` being a suitable default choice in +the absence of explicit requirements. + +Taking the example earlier, for creating a key for a client certificate, +to use ``ML-DSA-65`` the command line would be modified to look like:: + + # certtool --generate-privkey --key-type=3Dmldsa65 > client-hostNNN-key= .pem + +The equivalent modification applies to the creation of the private keys +used for server certs, or root/intermediate CA certs. + +For hybrid mode, the additional indexed certificate naming must be used. +If multiple configured certificates are compatible with the mutually +supported crypto algorithms between the client and server, then the +first matching certificate will be used. + +IOW, to ensure that PQC certificates are preferred, they must use a +non-index based filename, or use an index that is smaller than any +non-PQC certificates. ie, ``server-cert.pem`` for PQC and ``server-cert-0.= pem`` +for non-PQC, or ``server-cert-0.pem`` for PQC and ``server-cert-1.pem`` for +non-PQC. + +Force disabling PQC via crypto priority +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +In the OS configuration for system crypto algorithm priorities has +enabled PQC, this can (optionally) be overriden in QEMU configuration +disable use of PQC using the ``priority`` parameter to the ``tls-creds-x50= 9`` +object:: + + NO_MLDSA=3D"-SIGN-ML-DSA-65:-SIGN-ML-DSA-44:-SIGN-ML-DSA-87" + NO_MLKEM=3D"-GROUP-X25519-MLKEM768:-GROUP-SECP256R1-MLKEM768:-GROUP-SECP= 384R1-MLKEM1024" + # qemu-nbd --object tls-creds-x509,id=3Dtls0,endpoint=3Dserver,dir=3D...= .,priority=3D@SYSTEM:$NO_MLDSA:$NO_MLKEM + + TLS Pre-Shared Keys (PSK) ~~~~~~~~~~~~~~~~~~~~~~~~~ =20 --=20 2.51.1