problem where ipv4=off && ipv6=off
would be treated the same as ipv4=on && ipv6=on
Signed-off-by: Daniel P. Berrange
---
util/qemu-sockets.c | 91 +
1 file changed, 36 insertions(+), 55 deletions(-)
diff --git a/util/qemu-socke
&& ipv6=off
would be treated the same as ipv4=on && ipv6=on
This removes the very last use of QemuOpts from the
sockets code, so the socket_optslist[] array is also
removed.
Signed-off-by: Daniel P. Berrange
---
include/qemu/sockets.h | 1 -
util/qemu-s
On Fri, Nov 13, 2015 at 02:01:12PM +0100, Gerd Hoffmann wrote:
> On Fr, 2015-11-13 at 11:31 +0000, Daniel P. Berrange wrote:
> > Developers on 64-bit machines will often try to perform a
> > 32-bit build of QEMU by running
> >
> > ./configure --extra-cflags="
var will affect what
toolchain binaries and -config scripts are found. The
LD_LIBRARY_PATH var will affect what libraries are found.
All these key env variables should be recorded in the
config.status script.
Signed-off-by: Daniel P. Berrange
---
Open question: are there more env vars we sh
On Tue, Nov 17, 2015 at 12:06:55PM -0700, Eric Blake wrote:
> On 11/17/2015 10:59 AM, Daniel P. Berrange wrote:
> > Suggested in
> >
> > https://lists.gnu.org/archive/html/qemu-devel/2015-11/msg03298.html
> >
> > The config.status script is auto-generated by c
On Tue, Nov 17, 2015 at 03:22:04PM -0700, Eric Blake wrote:
> On 11/17/2015 10:00 AM, Daniel P. Berrange wrote:
> > The socket_listen method accepts a QAPI SocketAddress object
> > which it then turns into QemuOpts before calling the
> > inet_listen_opts/unix_listen_op
On Tue, Nov 17, 2015 at 03:40:58PM -0700, Eric Blake wrote:
> On 11/17/2015 10:00 AM, Daniel P. Berrange wrote:
> > The socket_connect method accepts a QAPI SocketAddress object
> > which it then turns into QemuOpts before calling the
> > inet_connect_opts/unix_connect_op
On Wed, Nov 18, 2015 at 11:08:58AM +0100, Markus Armbruster wrote:
> Eric Blake writes:
>
> > *** WARNING: THE ATTACHED DOCUMENT(S) CONTAIN MACROS ***
> > *** MACROS MAY CONTAIN MALICIOUS CODE ***
> > *** Open only if you can verify and trust the sender ***
> > *** Please contact info...@redhat.c
The
LD_LIBRARY_PATH var will affect what libraries are found.
Most commands have env variables that will override the
name/path of the default version configure finds. All
these key env variables should be recorded in the
config.status script.
Signed-off-by: Daniel P. Berrange
---
configure
11-18 15:42:26 +)
Pull qcrypto fixes 2015/11/18 v1
--------
Daniel P. Berrange (4):
crypto: fix leak of gnutls_dh_params_t data on credential unload
crypto: fix mista
The QCryptoTLSCredsX509 object was not free'ing the allocated
gnutls_dh_params_t data when unloading the credentials
Signed-off-by: Daniel P. Berrange
---
crypto/tlscredsx509.c | 4
1 file changed, 4 insertions(+)
diff --git a/crypto/tlscredsx509.c b/crypto/tlscredsx509.c
index dc
d not expect to be
set.
Signed-off-by: Daniel P. Berrange
---
crypto/tlssession.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/tlssession.c b/crypto/tlssession.c
index ffc5c47..3735529 100644
--- a/crypto/tlssession.c
+++ b/crypto/tlssession.c
@@ -304,9 +
The test_tls_get_ipaddr() method forgot to free the returned data
from getaddrinfo().
The test_tls_write_cert_chain() method forgot to free the allocated
buffer holding the certificate data after writing it out to a file.
Signed-off-by: Daniel P. Berrange
---
tests/crypto-tls-x509-helpers.c
On Wed, Nov 18, 2015 at 08:44:28AM -0700, Eric Blake wrote:
> On 11/18/2015 03:08 AM, Daniel P. Berrange wrote:
> > On Tue, Nov 17, 2015 at 03:22:04PM -0700, Eric Blake wrote:
> >> On 11/17/2015 10:00 AM, Daniel P. Berrange wrote:
> >>> The socket_listen method accep
should none the less be avoided.
Signed-off-by: Daniel P. Berrange
---
crypto/tlscredsx509.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/crypto/tlscredsx509.c b/crypto/tlscredsx509.c
index c5d1a0d..d080deb 100644
--- a/crypto/tlscredsx509.c
+++ b/crypto/tlscredsx509.c
-directional file descriptors such as
sockets, regular files, character devices, etc. The
second works with a pair of unidirectional file descriptors
such as pipes.
Signed-off-by: Daniel P. Berrange
---
include/io/channel-watch.h | 72
io/Makefile.objs | 1 +
io
ts in websockets code instead of magic
values (David Gilbert)
Daniel P. Berrange (9):
io: add abstract QIOChannel classes
io: add helper module for creating watches on FDs
io: add QIOTask class for async operations
io: add QIOChannelSocket class
io: add QIOChannelFile class
io: add QI
code.
Signed-off-by: Daniel P. Berrange
---
MAINTAINERS | 7 +
Makefile | 2 +
Makefile.objs| 5 +
Makefile.target | 2 +
include/io/channel.h | 503 +++
io/Makefile.objs | 1 +
io/channel.c
Add a QIOChannel subclass that is capable of operating on things
that are files, such as plain files, pipes, character/block
devices, but notably not sockets.
Signed-off-by: Daniel P. Berrange
---
include/io/channel-file.h| 93 +
io/Makefile.objs | 1 +
io
Add a QIOChannel subclass that is capable of performing I/O
to/from a separate process, via a pair of pipes. The command
can be used for unidirectional or bi-directional I/O.
Signed-off-by: Daniel P. Berrange
---
include/io/channel-command.h| 91 ++
io/Makefile.objs
pt of QIOTask is inspired by the GAsyncResult
interface / GTask class in the GIO libraries. The min
version requirements on glib don't allow those to be
used from QEMU, so QIOTask provides a facsimile which
can be easily switched to GTask in the future if the
min version is increased.
Signed-off-by
-off-by: Daniel P. Berrange
---
include/io/channel-buffer.h| 60 ++
io/Makefile.objs | 1 +
io/channel-buffer.c| 261 +
tests/.gitignore | 1 +
tests/Makefile | 3 +
tests/test-io-cha
Add a QIOChannel subclass that can run the websocket protocol over
the top of another QIOChannel instance. This initial implementation
is only capable of acting as a websockets server. There is no support
for acting as a websockets client yet.
Signed-off-by: Daniel P. Berrange
---
include/io
take an
existing QIOChannel that has done some handshake and then swap
in the QIOChannelTLS layer. This allows for use with protocols
which start TLS right away, and those which start plain text
and then negotiate TLS.
Signed-off-by: Daniel P. Berrange
---
include/io/channel-tls.h| 142
no asynchronous DNS lookup API available, it uses the
QIOTask helper for spawning a background thread to ensure
non-blocking operation.
Signed-off-by: Daniel P. Berrange
---
configure | 11 +
include/io/channel-socket.h| 244 +
include/qemu/sockets.h
In preparation for introducing TLS support to the TCP chardev
backend, convert existing chardev code from using GIOChannel
to QIOChannel. This simplifies the chardev code by removing
most of the OS platform conditional code for dealing with
file descriptor passing.
Signed-off-by: Daniel P
d found a few bugs
initially which I have since fixed.
The TLS support has been tested for interoperability using
the gnutls-serv and gnutls-client programs which provide
stub TLS endpoints/clients respectively.
Daniel P. Berrange (4):
char: remove fixed length filename allocation
char:
patches which will want to
populate the filename by calling external functions
which do not support use of a pre-allocated buffer.
Signed-off-by: Daniel P. Berrange
---
qemu-char.c | 86 +++--
1 file changed, 44 insertions(+), 42 deletions
telnet initialization
code into a memory buffer and then use an I/O watch to fully
send the data.
Signed-off-by: Daniel P. Berrange
---
qemu-char.c | 85 -
1 file changed, 67 insertions(+), 18 deletions(-)
diff --git a/qemu-char.c b/qemu
s0 \
-device isa-serial,chardev=s0 \
-object tls-creds-x509,id=tls0,endpoint=client,\
dir=/home/berrange/security/qemutls
Signed-off-by: Daniel P. Berrange
---
qapi-schema.json | 2 +
qemu-char.c | 138 ++-
qemu-options.hx |
oVNC proxy websockets client with and without
TLS support.
Daniel P. Berrange (3):
ui: convert VNC server to use QIOChannelSocket
ui: convert VNC server to use QIOChannelTLS
ui: convert VNC server to use QIOChannelWebsock
ui/vnc-auth-sasl.c | 57 -
ui/vnc-auth-vencrypt.c | 93 +++-
ui/
Switch VNC server over to using the QIOChannelTLS object for
the TLS session. This removes all remaining VNC specific code
for dealing with TLS handshakes.
Signed-off-by: Daniel P. Berrange
---
ui/vnc-auth-vencrypt.c | 106 ++---
ui/vnc-ws.c
The minimal first step conversion to use QIOChannelSocket
classes instead of directly using POSIX sockets API. This
will later be extended to also cover the TLS, SASL and
websockets code.
Signed-off-by: Daniel P. Berrange
---
ui/vnc-auth-sasl.c | 57 +++--
ui/vnc-auth-vencrypt.c | 27
Remove custom websock handling code from the VNC server and use
the QIOChannelWebsock class instead.
Signed-off-by: Daniel P. Berrange
---
ui/vnc-ws.c | 328 +---
ui/vnc-ws.h | 63
ui/vnc.c| 27 +
ui/vnc.h| 4
On Thu, Nov 19, 2015 at 10:20:22AM +0100, Markus Armbruster wrote:
> Andreas Färber writes:
>
> > From: "Daniel P. Berrange"
> >
> > Some users of QOM need to be able to iterate over properties
> > defined against an object instance. Currently they are
On Thu, Nov 19, 2015 at 10:54:15AM +, Peter Maydell wrote:
> On 18 November 2015 at 20:39, Andreas Färber wrote:
> > Hello Peter,
> >
> > This is my late QOM (devices) patch queue. Please pull.
> >
> > Regards,
> > Andreas
> >
> > Cc: Peter
On Thu, Nov 19, 2015 at 01:03:39PM +, Dr. David Alan Gilbert wrote:
> * Markus Armbruster (arm...@redhat.com) wrote:
> > "Please keep this list in alphabetical order" has been more honoured
> > in the breach than in the observance. Clean up.
> >
> > While there, drop a redundant struct declar
On Wed, Nov 18, 2015 at 09:39:38PM +0100, Andreas Färber wrote:
> Add the QOM unit tests to the QOM maintenance area so that maintainers
> get CC'ed on changes and to document QOM test coverage.
>
> Cc: Daniel P. Berrange
> Cc: Igor Mammedov
> Signed-off-by: Andreas Färbe
On Thu, Nov 19, 2015 at 03:09:47PM +0100, Andreas Färber wrote:
> Am 19.11.2015 um 12:53 schrieb Daniel P. Berrange:
> > On Thu, Nov 19, 2015 at 10:54:15AM +, Peter Maydell wrote:
> >> On 18 November 2015 at 20:39, Andreas Färber wrote:
> >>> Hello Peter,
>
ror will be reported if an attempt
is made to pass a decryption password.
Signed-off-by: Daniel P. Berrange
---
crypto/tlscredsx509.c | 47 +++
include/crypto/tlscredsx509.h | 1 +
qemu-options.hx | 8 +++-
3 files changed, 55 insertio
Add a 'keyid' parameter that refers to the ID of a
QCryptoSecret instance that provides the encryption key.
$QEMU \
-object secret,id=sec0,filename=/home/berrange/encrypted.pw \
-drive file=/home/berrange/encrypted.qcow2,keyid=sec0
Signed-off-by: Daniel P. Berrange
---
blo
Add a 'keyid' parameter that refers to the ID of a
QCryptoSecret instance that provides the encryption key.
eg
$QEMU \
-object secret,id=sec0,filename=/home/berrange/encrypted.pw \
-drive file=/home/berrange/encrypted.qcow,keyid=sec0
Signed-off-by: Daniel P. Berrange
---
bl
Add a qcrypto_hash_digest_len() method which allows querying of
the raw digest size for a given hash algorithm.
Signed-off-by: Daniel P. Berrange
---
crypto/hash.c| 15 +++
include/crypto/hash.h| 11 +++
tests/test-crypto-hash.c | 5 +
3 files changed
Refuse to open a qcow/qcow2 image with encryption if write
access has been requested. To enable historic data to be
liberated support for reading images is retained, as it
does not pose an unreasonable support burden now that the
new key handling infrastructure is in place.
Signed-off-by: Daniel P
this, move object_add to user_creatable_add
and qmp_object_del to user_creatable_del, in the
object_interfaces.c file
Signed-off-by: Daniel P. Berrange
---
hmp.c | 11 --
include/monitor/monitor.h | 3 --
include/qom/object_interfaces.h | 31 +
/berrange/demo.qcow2
Signed-off-by: Daniel P. Berrange
---
qemu-io.c | 37 -
1 file changed, 36 insertions(+), 1 deletion(-)
diff --git a/qemu-io.c b/qemu-io.c
index cf1dac6..fc7f81b 100644
--- a/qemu-io.c
+++ b/qemu-io.c
@@ -373,6 +373,7 @@ static void
Adds new methods to allow querying the length of the cipher
key, block size and initialization vectors.
Signed-off-by: Daniel P. Berrange
---
crypto/cipher.c| 48 ++
include/crypto/cipher.h| 37
he header to be much larger.
The main limitation of the LUKS impl is that it currently
lacks support for the XTS cipher mode, so only CBC can be
used. This is because I'm yet to find any attractive impl
of XTS that QEMU can reuse, as either gcrypt/nettle provide
it yet. TBD...
Daniel
Instead of requiring separate input/output buffers for
encrypting data, change qcow2_encrypt_sectors() to assume
use of a single buffer, encrypting in place. The current
callers all used the same buffer for input/output already.
Signed-off-by: Daniel P. Berrange
---
block/qcow2-cluster.c | 17
.txt,id=sec0
The BDRV_O_NO_IO flag allows this error to be skipped,
for use when 'qemu-img info' wants to open the file
to query the headers, but not perform any actual I/O
operations.
Signed-off-by: Daniel P. Berrange
---
block/qcow.c | 7 +
block/qcow2.c
Signed-off-by: Daniel P. Berrange
---
crypto/Makefile.objs| 1 +
crypto/random.c | 50 +
include/crypto/random.h | 43 ++
3 files changed, 94 insertions(+)
create mode 100644 crypto/random.c
object secret,id=sec0,file=mypasswd.txt \
...other nbd args...
Signed-off-by: Daniel P. Berrange
---
qemu-nbd.c| 85 +++
qemu-nbd.texi | 7 +
2 files changed, 92 insertions(+)
diff --git a/qemu-nbd.c b/qemu-nbd.c
index 3af
The LUKS format specifies an anti-forensic split algorithm which
is used to artificially expand the size of the key material on
disk. This is an implementation of that algorithm.
Signed-off-by: Daniel P. Berrange
---
crypto/Makefile.objs| 1 +
crypto/afsplit.c| 194
accepts a full option
string, as well as the original syntax eg
qemu-img info driver=http,url=https://127.0.0.1/images,sslverify=off
Signed-off-by: Daniel P. Berrange
---
include/qemu/option.h | 1 +
qemu-img.c| 474 ++
util/qemu
--source /home/berrange/demo.qcow2
Signed-off-by: Daniel P. Berrange
---
qemu-nbd.c | 57 ++---
1 file changed, 50 insertions(+), 7 deletions(-)
diff --git a/qemu-nbd.c b/qemu-nbd.c
index 41f4285..980355e 100644
--- a/qemu-nbd.c
+++ b/qemu-nbd.c
The QCryptoCipherAlgorithm and QCryptoCipherMode enums are
defined in the crypto/cipher.h header. In the future some
QAPI types will want to reference the hash enums, so move
the enum definition into QAPI too.
Signed-off-by: Daniel P. Berrange
---
crypto/cipher.c | 8
include
/initialize a new
encryption header on a previously unformatted volume.
The initial framework comes with support for the legacy QCow
AES based encryption. This enables code in the QCow driver to
be consolidated later.
Signed-off-by: Daniel P. Berrange
---
crypto/Makefile.objs | 2 +
crypto
When reporting an incorrect key length for a cipher, we
mixed up the actual vs expected arguments.
Signed-off-by: Daniel P. Berrange
---
crypto/cipher.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/cipher.c b/crypto/cipher.c
index e92d49a..a69ff5e 100644
--- a
The QCryptoHashAlgorithm enum is defined in the crypto/hash.h
header. In the future some QAPI types will want to reference
the hash enums, so move the enum definition into QAPI too.
Signed-off-by: Daniel P. Berrange
---
crypto/hash.c | 4 ++--
include/crypto/hash.h | 9 +
qapi
t' here refers to the format of the ciphertext
data. The decrypted data must always be in raw byte format.
More examples are shown in the updated docs.
Signed-off-by: Daniel P. Berrange
---
crypto/Makefile.objs | 1 +
crypto/secret.c| 567
, 'plain64' and
'essiv', each matching the same named algorithm provided
by the Linux kernel dm-crypt driver.
Signed-off-by: Daniel P. Berrange
---
crypto/Makefile.objs | 4 ++
crypto/ivgen-essiv.c | 116
crypto/ivgen-essiv.h
nction in QEMU
will comply with the spec.
Signed-off-by: Daniel P. Berrange
---
crypto/Makefile.objs | 1 +
crypto/pbkdf-gcrypt.c | 64
crypto/pbkdf-nettle.c | 63
crypto/pbkdf-stub.c | 39 +
crypto/pbkdf.c| 76 ++
include/crypt
object secret,id=sec0,file=mypasswd.txt \
...other args...
Signed-off-by: Daniel P. Berrange
---
qemu-io.c | 87 +++
1 file changed, 87 insertions(+)
diff --git a/qemu-io.c b/qemu-io.c
index 269f17c..cf1dac6 100644
--- a/qemu-io
The QCryptoBlock framework trivially supports the legacy QCow
encryption format. Convert QCow2 to use QCryptoBlock, since
this will unlock the ability to support LUKS in QCow2 without
increasing the code burden for encryption in QCow2.
Signed-off-by: Daniel P. Berrange
---
block/qcow2-cluster.c
info --object secret,id=sec0,file=mypasswd.txt \
...other info args...
Signed-off-by: Daniel P. Berrange
---
qemu-img-cmds.hx | 44
qemu-img.c | 300 +--
qemu-img.texi| 8 ++
3 files changed, 322 insertions(+), 30 delet
ster keys. The payload of the QCow2 file does not
change in structure. Sectors are simply processed via the
QCryptoBlock object to apply/remove encryption when required.
Signed-off-by: Daniel P. Berrange
---
block/qcow2.c| 294 +--
bloc
whether an image is encrypted or not, since that is a
potentially useful piece of metadata to report to the user.
Signed-off-by: Daniel P. Berrange
---
block.c| 81 ++
block/qapi.c | 2 +-
block/qcow.c
The rebuild of qapi-types.c/h is not correctly triggered
when qapi/crypto.json is changed because it was missing
from the list of files in the qapi-modules variable.
Signed-off-by: Daniel P. Berrange
---
Makefile | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/Makefile b
"filename": "demo.luks"}}
file format: luks
virtual size: 10.0G (10737416192 bytes)
disk size: 132K
Signed-off-by: Daniel P. Berrange
---
block/Makefile.objs | 2 +
block/fde.c | 522
2 files changed, 524 inserti
ting new volumes. In the latter
case it will only use key slot 0.
Signed-off-by: Daniel P. Berrange
---
crypto/Makefile.objs |1 +
crypto/block-luks.c | 1056 ++
crypto/block-luks.h | 28 ++
crypto/block.c |2 +
qapi/crypto.json |
On Fri, Nov 20, 2015 at 03:09:25PM -0700, Eric Blake wrote:
> On 11/20/2015 11:04 AM, Daniel P. Berrange wrote:
> > +
> > +static const char *base64_valid_chars =
> > +"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
> > +
> > +sta
On Fri, Nov 20, 2015 at 03:15:27PM -0700, Eric Blake wrote:
> On 11/20/2015 11:04 AM, Daniel P. Berrange wrote:
> > Add a 'keyid' parameter that refers to the ID of a
> > QCryptoSecret instance that provides the encryption key.
> >
> > $QEMU \
> >
On Mon, Nov 23, 2015 at 02:39:27PM +0100, Markus Armbruster wrote:
> "Daniel P. Berrange" writes:
>
> > On Fri, Nov 20, 2015 at 03:09:25PM -0700, Eric Blake wrote:
> >> On 11/20/2015 11:04 AM, Daniel P. Berrange wrote:
> >> > +
>
On Mon, Nov 23, 2015 at 06:07:42PM +0800, Peter Xu wrote:
> This will allow the user to specify "-d" (just like command
> "migrate") when using "dump-guest-memory" command. When
> specified, one background thread is created to do the dump work.
> One flag is added to show whether there is a background
e (not in the patch)
>
> After: chardev, qtest, object-initial, object-late (not in the patch)
>
> Objects must be initialized before chardev (except rng-egd) since in the
> future chardev will need to use objects, in particular secret objects.
> Was the swap intentional?
Yea
On Mon, Nov 23, 2015 at 05:46:06PM +, Daniel P. Berrange wrote:
> On Mon, Nov 23, 2015 at 06:40:58PM +0100, Paolo Bonzini wrote:
> >
> >
> > On 18/11/2015 21:49, Michael S. Tsirkin wrote:
> > > On Wed, Nov 18, 2015 at 10:02:58AM +0100, marcandre.lur...@redhat
On Mon, Nov 23, 2015 at 07:01:33PM +0100, Marc-André Lureau wrote:
> On Mon, Nov 23, 2015 at 6:40 PM, Paolo Bonzini wrote:
> > Before: object-initial, chardev, qtest, object-late (not in the patch)
> >
> > After: chardev, qtest, object-initial, object-late (not in the patch)
> >
> > Objects must b
On Mon, Nov 23, 2015 at 07:41:24PM +0100, Lluís Vilanova wrote:
> Gives some general guidelines for reporting errors in QEMU.
>
> Signed-off-by: Lluís Vilanova
> ---
> HACKING | 31 +++
> 1 file changed, 31 insertions(+)
>
> diff --git a/HACKING b/HACKING
> index 1
On Mon, Nov 23, 2015 at 09:05:30PM +0100, Lluís Vilanova wrote:
> Daniel P Berrange writes:
> [...]
> > I don't think this "Errors in user inputs" vs "Other errors" distinction
> > really makes sense. Whether an error raised in a piece of code is
On Tue, Nov 24, 2015 at 04:10:54PM +0200, Michael S. Tsirkin wrote:
> On Mon, Nov 23, 2015 at 06:10:08PM +0000, Daniel P. Berrange wrote:
> > On Mon, Nov 23, 2015 at 07:01:33PM +0100, Marc-André Lureau wrote:
> > > On Mon, Nov 23, 2015 at 6:40 PM, Paolo Bonzini
> >
On Tue, Nov 24, 2015 at 04:25:40PM +0200, Michael S. Tsirkin wrote:
> On Tue, Nov 24, 2015 at 02:19:36PM +0000, Daniel P. Berrange wrote:
> > On Tue, Nov 24, 2015 at 04:10:54PM +0200, Michael S. Tsirkin wrote:
> > > On Mon, Nov 23, 2015 at 06:10:08PM +0000, Daniel P. Berrange wro
)
- Misc typo fixes (Eric)
- Added a generic qbase64_decode() wrapper around
g_base64_decode() that does error checking (Markus)
- Convert callers of g_base64_decode() to qbase64_decode()
to get error checking (Markus)
Daniel P. Berrange (5):
util: add base64 decoding function
qemu-
t all.
Signed-off-by: Daniel P. Berrange
---
include/qemu/base64.h | 56 +
tests/.gitignore | 1 +
tests/Makefile| 3 ++
tests/test-base64.c | 97 +++
util/Makefile.objs| 1 +
util/base64.c
ror will be reported if an attempt
is made to pass a decryption password.
Signed-off-by: Daniel P. Berrange
---
crypto/tlscredsx509.c | 47 +++
include/crypto/tlscredsx509.h | 1 +
qemu-options.hx | 8 +++-
3 files changed, 55
Switch from using g_base64_decode over to qbase64_decode
in order to get error checking of the base64 input data.
Signed-off-by: Daniel P. Berrange
---
qapi-schema.json | 2 --
qemu-char.c | 8 +++-
qmp-commands.hx | 2 --
3 files changed, 7 insertions(+), 5 deletions(-)
diff --git a
t' here refers to the format of the ciphertext
data. The decrypted data must always be in raw byte format.
More examples are shown in the updated docs.
Signed-off-by: Daniel P. Berrange
---
crypto/Makefile.objs | 1 +
crypto/secret.c| 540
Switch from using g_base64_decode over to qbase64_decode
in order to get error checking of the base64 input data.
Signed-off-by: Daniel P. Berrange
---
qga/commands-posix.c | 11 +--
qga/commands-win32.c | 11 +--
qga/commands.c | 13 -
3 files changed, 30
On Tue, Nov 24, 2015 at 08:54:24AM -0700, Eric Blake wrote:
> On 11/24/2015 08:02 AM, Daniel P. Berrange wrote:
> > The standard glib provided g_base64_decode doesn't provide any
> > kind of sensible error checking on its input. Add a QEMU custom
> > wrapper qbase64_dec
On Tue, Nov 24, 2015 at 11:29:55AM -0700, Eric Blake wrote:
> > +static void
> > +qcrypto_secret_load_data(QCryptoSecret *secret,
> > + uint8_t **output,
> > + size_t *outputlen,
> > + Error **errp)
> > +{
> > +int fd;
> >
etlbfs vs tmpfs is a choice for the management
application or end user to make as best fits their needs. As such it
is inappropriate for QEMU to have an opinion on whether the user's
choice is right or wrong in this case.
Signed-off-by: Daniel P. Berrange
---
exec.c | 3 ---
1 file changed, 3 d
This fixes the regression in object creation warning identified
by Paolo here:
https://lists.gnu.org/archive/html/qemu-devel/2015-11/msg04994.html
It provides an alternative fix to the original problem, by
simply removing the warning message in question.
Daniel P. Berrange (2):
Revert "
example, when chardevs use TLS
encryption in the future, they need to have tls credential
objects created first.
This revert restores the ordering introduced in
commit f08f9271bfe3f19a5eb3d7a2f48532065304d5c8
Author: Daniel P. Berrange
Date: Wed May 13 17:14:04 2015 +0100
vl: Create
On Thu, Feb 04, 2016 at 03:14:10PM -0700, Eric Blake wrote:
> On 01/20/2016 10:38 AM, Daniel P. Berrange wrote:
> > +int qcrypto_pbkdf2(QCryptoHashAlgorithm hash,
> > + const uint8_t *key, size_t nkey,
> > + const uint8_
On Thu, Feb 04, 2016 at 03:14:10PM -0700, Eric Blake wrote:
> On 01/20/2016 10:38 AM, Daniel P. Berrange wrote:
> > The LUKS data format includes use of PBKDF2 (Password-Based
> > Key Derivation Function). The Nettle library can provide
> > an implementation of this, b
On Thu, Feb 04, 2016 at 03:57:33PM -0700, Eric Blake wrote:
> On 01/20/2016 10:38 AM, Daniel P. Berrange wrote:
> > There are a number of different algorithms that can be used
> > to generate initialization vectors for disk encryption. This
> > introduces a simple internal QCr
On Thu, Feb 04, 2016 at 04:26:42PM -0700, Eric Blake wrote:
> On 01/20/2016 10:38 AM, Daniel P. Berrange wrote:
> > +++ b/crypto/afsplit.c
> > @@ -0,0 +1,162 @@
> > +/*
> > + * QEMU Crypto anti forensic information splitter
> > + *
> > +
On Thu, Feb 04, 2016 at 04:26:42PM -0700, Eric Blake wrote:
> On 01/20/2016 10:38 AM, Daniel P. Berrange wrote:
> > The LUKS format specifies an anti-forensic split algorithm which
> > is used to artificially expand the size of the key material on
> > disk. This is an i
On Thu, Feb 04, 2016 at 05:23:32PM -0700, Eric Blake wrote:
> On 01/20/2016 10:38 AM, Daniel P. Berrange wrote:
> > Add a generic framework for supporting different block encryption
> > formats. Upon instantiating a QCryptoBlock object, it will read
> > the encryption h
On Fri, Feb 05, 2016 at 10:23:18AM +, Daniel P. Berrange wrote:
> On Thu, Feb 04, 2016 at 03:57:33PM -0700, Eric Blake wrote:
> > On 01/20/2016 10:38 AM, Daniel P. Berrange wrote:
> > > There are a number of different algorithms that can be used
> > > to generate
telnet traffic
> caused by typing over the serial connection results in every other
> character being dropped.
>
> A quick session with git bisect points to the following commit:
>
> commit f2001a7e0555b66d6db25a3ff1801540814045bb
> Author: Daniel P. Berrange
> Date: Tue J
901 - 1000 of 6827 matches