Branch: refs/heads/master
Home: https://github.com/qemu/qemu
Commit: 886898baad2183fdc304967bda98b2e03c3843f2
https://github.com/qemu/qemu/commit/886898baad2183fdc304967bda98b2e03c3843f2
Author: Richard W.M. Jones <[email protected]>
Date: 2025-11-03 (Mon, 03 Nov 2025)
Changed paths:
A include/qemu/exit-with-parent.h
M qemu-options.hx
A system/exit-with-parent.c
M system/meson.build
M system/vl.c
Log Message:
-----------
Implement -run-with exit-with-parent=on
Libguestfs wants to use qemu to run a captive appliance. When the
program linked to libguestfs exits, we want qemu to be cleaned up.
Libguestfs goes to great lengths to do this at the moment: it either
forks a separate process to ensure clean-up is done, or it asks
libvirt to clean up the qemu process. However this is complicated and
not totally reliable.
On Linux, FreeBSD and macOS, there are mechanisms to ensure a signal
or message is delivered to a process when its parent process goes
away. The qemu test suite even uses this mechanism on Linux (see
PR_SET_PDEATHSIG in tests/qtest/libqtest.c).
In nbdkit we have long had the concept of running nbdkit captively,
and we have the nbdkit --exit-with-parent flag to help
(https://libguestfs.org/nbdkit-captive.1.html#EXIT-WITH-PARENT)
This commit adds the same mechanism. The syntax is:
qemu -run-with exit-with-parent=on [...]
This is not a feature that most typical users of qemu (for running
general purpose, long-lived VMs) should use, so it defaults to off.
The exit-with-parent.[ch] files are copied from nbdkit, where they
have a 3-clause BSD license which is compatible with qemu:
https://gitlab.com/nbdkit/nbdkit/-/tree/master/common/utils?ref_type=heads
Thanks: Daniel P. Berrangé <[email protected]>
Reviewed-by: Daniel P. Berrangé <[email protected]>
Signed-off-by: Richard W.M. Jones <[email protected]>
Signed-off-by: Daniel P. Berrangé <[email protected]>
Commit: b433ca56e1d02173aa08b04947cdd82045057695
https://github.com/qemu/qemu/commit/b433ca56e1d02173aa08b04947cdd82045057695
Author: Richard W.M. Jones <[email protected]>
Date: 2025-11-03 (Mon, 03 Nov 2025)
Changed paths:
M tests/qtest/libqtest.c
Log Message:
-----------
tests/qtest: Use exit-with-parent=on in qtest invocations
Previously libqtest.c set PR_SET_PDEATHSIG (or the equivalent on
FreeBSD) after forking the qemu subprocess. However we can get the
same behaviour now by using the new -run-with exit-with-parent=on
flag, on platforms that support it.
Reviewed-by: Daniel P. Berrangé <[email protected]>
Signed-off-by: Richard W.M. Jones <[email protected]>
Signed-off-by: Daniel P. Berrangé <[email protected]>
Commit: abf6e02dfb2c351f5fbc5f95451527722955fd89
https://github.com/qemu/qemu/commit/abf6e02dfb2c351f5fbc5f95451527722955fd89
Author: Philippe Mathieu-Daudé <[email protected]>
Date: 2025-11-03 (Mon, 03 Nov 2025)
Changed paths:
M crypto/hash.c
M crypto/hmac.c
M include/crypto/hash.h
M include/crypto/hmac.h
Log Message:
-----------
crypto/hash: Have hashing functions take void * buffer argument
Cryptographic hash functions can operate on any area of memory,
regardless of the content they represent. Do not restrict to
array of char, use the void* type, which is also the type of
the underlying iovec::iov_base field.
Reviewed-by: Daniel P. Berrangé <[email protected]>
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Signed-off-by: Daniel P. Berrangé <[email protected]>
Commit: 989221c0c7a7ce8809d7e10276facd7b221c853f
https://github.com/qemu/qemu/commit/989221c0c7a7ce8809d7e10276facd7b221c853f
Author: Philippe Mathieu-Daudé <[email protected]>
Date: 2025-11-03 (Mon, 03 Nov 2025)
Changed paths:
M include/crypto/tlssession.h
M include/io/channel.h
M io/channel-tls.c
M io/channel.c
M tests/unit/test-crypto-tlssession.c
Log Message:
-----------
io/channel: Have read/write functions take void * buffer argument
I/O channel read/write functions can operate on any area of
memory, regardless of the content they represent. Do not
restrict to array of char, use the void* type, which is also
the type of the underlying iovec::iov_base field.
Reviewed-by: Daniel P. Berrangé <[email protected]>
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
[DB: also adapt test-crypto-tlssession.c func signatures]
Signed-off-by: Daniel P. Berrangé <[email protected]>
Commit: e52d8227162ba1fa53011f19e99b2f57705bc567
https://github.com/qemu/qemu/commit/e52d8227162ba1fa53011f19e99b2f57705bc567
Author: Tejus GK <[email protected]>
Date: 2025-11-03 (Mon, 03 Nov 2025)
Changed paths:
M include/io/channel-socket.h
M io/channel-socket.c
Log Message:
-----------
io: add a "blocking" field to QIOChannelSocket
Add a 'blocking' boolean field to QIOChannelSocket to track whether the
underlying socket is in blocking or non-blocking mode.
Signed-off-by: Tejus GK <[email protected]>
Reviewed-by: Daniel P. Berrangé <[email protected]>
Signed-off-by: Daniel P. Berrangé <[email protected]>
Commit: 84005f4a2b8745e5934f955c045a0b4311cd0992
https://github.com/qemu/qemu/commit/84005f4a2b8745e5934f955c045a0b4311cd0992
Author: Manish Mishra <[email protected]>
Date: 2025-11-03 (Mon, 03 Nov 2025)
Changed paths:
M include/io/channel-socket.h
M io/channel-socket.c
Log Message:
-----------
io: flush zerocopy socket error queue on sendmsg failure due to ENOBUF
The kernel allocates extra metadata SKBs in case of a zerocopy send,
eventually used for zerocopy's notification mechanism. This metadata
memory is accounted for in the OPTMEM limit. The kernel queues
completion notifications on the socket error queue and this error queue
is freed when userspace reads it.
Usually, in the case of in-order processing, the kernel will batch the
notifications and merge the metadata into a single SKB and free the
rest. As a result, it never exceeds the OPTMEM limit. However, if there
is any out-of-order processing or intermittent zerocopy failures, this
error chain can grow significantly, exhausting the OPTMEM limit. As a
result, all new sendmsg requests fail to allocate any new SKB, leading
to an ENOBUF error. Depending on the amount of data queued before the
flush (i.e., large live migration iterations), even large OPTMEM limits
are prone to failure.
To work around this, if we encounter an ENOBUF error with a zerocopy
sendmsg, flush the error queue and retry once more.
Co-authored-by: Manish Mishra <[email protected]>
Signed-off-by: Tejus GK <[email protected]>
Reviewed-by: Daniel P. Berrangé <[email protected]>
[DB: change TRUE/FALSE to true/false for 'bool' type;
add more #ifdef QEMU_MSG_ZEROCOPY blocks]
Signed-off-by: Daniel P. Berrangé <[email protected]>
Commit: c4b3d0074eba55aae6653b04637ecf2db4ca353a
https://github.com/qemu/qemu/commit/c4b3d0074eba55aae6653b04637ecf2db4ca353a
Author: Daniel P. Berrangé <[email protected]>
Date: 2025-11-03 (Mon, 03 Nov 2025)
Changed paths:
M crypto/cipher.c
M crypto/meson.build
M meson.build
M tests/unit/test-crypto-block.c
Log Message:
-----------
crypto: bump min gnutls to 3.7.5
Per repology, current shipping versions are:
RHEL-9: 3.8.3
Debian 13: 3.8.9
openSUSE Leap 15: 3.8.3
Ubuntu LTS 22.04: 3.7.5
FreeBSD: 3.8.10
Fedora 42: 3.8.10
OpenBSD: 3.8.10
macOS HomeBrew: 3.8.10
Ubuntu 22.04 is our oldest constraint at this time.
Reviewed-by: Marc-André Lureau <[email protected]>
Signed-off-by: Daniel P. Berrangé <[email protected]>
Commit: 9e6ce4d22e5782bbd23cfda245978ef71d495319
https://github.com/qemu/qemu/commit/9e6ce4d22e5782bbd23cfda245978ef71d495319
Author: Daniel P. Berrangé <[email protected]>
Date: 2025-11-03 (Mon, 03 Nov 2025)
Changed paths:
M crypto/cipher-gnutls.c.inc
Log Message:
-----------
crypto: unconditionally enable gnutls XTS support
The XTS support required 3.6.8 which is older than our min
required version now.
Reviewed-by: Marc-André Lureau <[email protected]>
Signed-off-by: Daniel P. Berrangé <[email protected]>
Commit: 8afd894781a781133ecb418506cce5c5a3c7581e
https://github.com/qemu/qemu/commit/8afd894781a781133ecb418506cce5c5a3c7581e
Author: Daniel P. Berrangé <[email protected]>
Date: 2025-11-03 (Mon, 03 Nov 2025)
Changed paths:
M meson.build
Log Message:
-----------
crypto: bump min libgcrypt to 1.9.4
Per repology, current shipping versions are:
RHEL-9: 1.10.0
Debian 13: 1.11.0
openSUSE Leap 15: 1.10.3
Ubuntu LTS 22.04: 1.9.4
FreeBSD: 1.11.2
Fedora 42: 1.11.1
OpenBSD: 1.11.2
macOS HomeBrew: 1.11.2
Ubuntu 22.04 is our oldest constraint at this time.
Reviewed-by: Marc-André Lureau <[email protected]>
Signed-off-by: Daniel P. Berrangé <[email protected]>
Commit: 4811ad2be983375102fba12fa265541e5600f98c
https://github.com/qemu/qemu/commit/4811ad2be983375102fba12fa265541e5600f98c
Author: Daniel P. Berrangé <[email protected]>
Date: 2025-11-03 (Mon, 03 Nov 2025)
Changed paths:
M meson.build
Log Message:
-----------
crypto: bump min nettle to 3.7.3
Per repology, current shipping versions are:
RHEL-9: 3.10.1
Debian 13: 3.10.1
openSUSE Leap 15: 3.9.1
Ubuntu LTS 22.04: 3.7.3
FreeBSD: 3.10.2
Fedora 42: 3.10.2
OpenBSD: 3.10.2
macOS HomeBrew: 3.10.2
Ubuntu 22.04 is our oldest constraint at this time.
Reviewed-by: Marc-André Lureau <[email protected]>
Signed-off-by: Daniel P. Berrangé <[email protected]>
Commit: 167194d0874efd98f88f525589aabaf03caa489f
https://github.com/qemu/qemu/commit/167194d0874efd98f88f525589aabaf03caa489f
Author: Daniel P. Berrangé <[email protected]>
Date: 2025-11-03 (Mon, 03 Nov 2025)
Changed paths:
M crypto/cipher-nettle.c.inc
M crypto/meson.build
R crypto/xts.c
R include/crypto/xts.h
M meson.build
M tests/unit/meson.build
R tests/unit/test-crypto-xts.c
Log Message:
-----------
crypto: drop in-tree XTS cipher mode impl
nettle included XTS in 3.4.1, so with the new min version we
no longer require the in-tree XTS cipher mode impl.
Reviewed-by: Marc-André Lureau <[email protected]>
Signed-off-by: Daniel P. Berrangé <[email protected]>
Commit: 3821a538f7ec0a7973fa7b751dcea65d0b9b3213
https://github.com/qemu/qemu/commit/3821a538f7ec0a7973fa7b751dcea65d0b9b3213
Author: Daniel P. Berrangé <[email protected]>
Date: 2025-11-03 (Mon, 03 Nov 2025)
Changed paths:
M crypto/tlscredsx509.c
Log Message:
-----------
crypto: remove redundant parameter checking CA certs
The only caller of qcrypto_tls_creds_check_authority_chain always
passes 'true' for the 'isCA' parameter. The point of this method
is to check the CA chain, so no other value would ever make sense.
Reviewed-by: Marc-André Lureau <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Signed-off-by: Daniel P. Berrangé <[email protected]>
Commit: 0de19c148a1d1ffda8f18b342adb6133237279e4
https://github.com/qemu/qemu/commit/0de19c148a1d1ffda8f18b342adb6133237279e4
Author: Daniel P. Berrangé <[email protected]>
Date: 2025-11-03 (Mon, 03 Nov 2025)
Changed paths:
M crypto/tlscredsx509.c
Log Message:
-----------
crypto: add missing free of certs array
Reviewed-by: Marc-André Lureau <[email protected]>
Signed-off-by: Daniel P. Berrangé <[email protected]>
Commit: 2114ae9faaabe4ff1c455811bb38085324af17b7
https://github.com/qemu/qemu/commit/2114ae9faaabe4ff1c455811bb38085324af17b7
Author: Daniel P. Berrangé <[email protected]>
Date: 2025-11-03 (Mon, 03 Nov 2025)
Changed paths:
M crypto/tlscreds.c
Log Message:
-----------
crypto: replace stat() with access() for credential checks
Readability of the credential files is what matters for our usage,
so access() is more appropriate than stat().
Reviewed-by: Marc-André Lureau <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Signed-off-by: Daniel P. Berrangé <[email protected]>
Commit: 9fe991d0a490e18c64b02540b141ad8c3e2a477e
https://github.com/qemu/qemu/commit/9fe991d0a490e18c64b02540b141ad8c3e2a477e
Author: Daniel P. Berrangé <[email protected]>
Date: 2025-11-03 (Mon, 03 Nov 2025)
Changed paths:
M crypto/tlscredsx509.c
Log Message:
-----------
crypto: remove redundant access() checks before loading certs
The qcrypto_tls_creds_get_path method will perform an access()
check on the file and return a NULL path if it fails. By the
time we get to loading the cert files we know they must exist
on disk and thus the second access() check is redundant.
Reviewed-by: Marc-André Lureau <[email protected]>
Signed-off-by: Daniel P. Berrangé <[email protected]>
Commit: 9d3343b00bee063f3cc7f5bee35c953fd4e7b6ee
https://github.com/qemu/qemu/commit/9d3343b00bee063f3cc7f5bee35c953fd4e7b6ee
Author: Daniel P. Berrangé <[email protected]>
Date: 2025-11-03 (Mon, 03 Nov 2025)
Changed paths:
M crypto/tlscreds.c
M crypto/tlscredsanon.c
M crypto/tlscredspsk.c
M crypto/tlscredsx509.c
Log Message:
-----------
crypto: move check for TLS creds 'dir' property
The check for the 'dir' property is being repeated for every
credential file to be loaded, but this results in incorrect
logic for optional credentials. The 'dir' property is mandatory
for PSK and x509 creds, even if some individual files are
optional. Address this by separating the check for the 'dir'
property.
Reviewed-by: Marc-André Lureau <[email protected]>
Signed-off-by: Daniel P. Berrangé <[email protected]>
Commit: 916501aa0720bf78b7dbf39b2548f2d4c4e46987
https://github.com/qemu/qemu/commit/916501aa0720bf78b7dbf39b2548f2d4c4e46987
Author: Daniel P. Berrangé <[email protected]>
Date: 2025-11-03 (Mon, 03 Nov 2025)
Changed paths:
M crypto/tlscredsx509.c
Log Message:
-----------
crypto: use g_autofree when loading x509 credentials
This allows removal of goto jumps during loading of the credentials
and will simplify the diff in following commits.
Reviewed-by: Marc-André Lureau <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Signed-off-by: Daniel P. Berrangé <[email protected]>
Commit: 20ee3064186d3a1eedcac0a76cc8af0993e36714
https://github.com/qemu/qemu/commit/20ee3064186d3a1eedcac0a76cc8af0993e36714
Author: Daniel P. Berrangé <[email protected]>
Date: 2025-11-03 (Mon, 03 Nov 2025)
Changed paths:
M crypto/tlscredsx509.c
Log Message:
-----------
crypto: remove needless indirection via parent_obj field
The reload method already has a pointer to the parent object in
the 'creds' parameter that is passed in, so indirect access via
the subclass 'parent_obj' field is redundant.
Reviewed-by: Marc-André Lureau <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Signed-off-by: Daniel P. Berrangé <[email protected]>
Commit: 11ea2bffda50b44610efeb355e8a261760c5e360
https://github.com/qemu/qemu/commit/11ea2bffda50b44610efeb355e8a261760c5e360
Author: Daniel P. Berrangé <[email protected]>
Date: 2025-11-03 (Mon, 03 Nov 2025)
Changed paths:
M crypto/tlscreds.c
M crypto/tlscredsanon.c
M crypto/tlscredspsk.c
M crypto/tlscredsx509.c
Log Message:
-----------
crypto: move release of DH parameters into TLS creds parent
The code for releasing DH parameters is common to all credential
subclasses, and the unload function is only called from the
finalizers, except for x509 reload, so can be moved into the
parent with a little update of the reload method.
Reviewed-by: Marc-André Lureau <[email protected]>
Signed-off-by: Daniel P. Berrangé <[email protected]>
Commit: 7751083fa4ecd5ef31b83ed7c17dcf13f3e617f2
https://github.com/qemu/qemu/commit/7751083fa4ecd5ef31b83ed7c17dcf13f3e617f2
Author: Daniel P. Berrangé <[email protected]>
Date: 2025-11-03 (Mon, 03 Nov 2025)
Changed paths:
M crypto/tlscredsx509.c
Log Message:
-----------
crypto: shorten the endpoint == server check in TLS creds
This eliminates a number of long lines aiding readability.
Reviewed-by: Marc-André Lureau <[email protected]>
Signed-off-by: Daniel P. Berrangé <[email protected]>
Commit: fb8a0b0bfc816fd26ba62d7cae22db890fdb5203
https://github.com/qemu/qemu/commit/fb8a0b0bfc816fd26ba62d7cae22db890fdb5203
Author: Daniel P. Berrangé <[email protected]>
Date: 2025-11-03 (Mon, 03 Nov 2025)
Changed paths:
M crypto/tlscredsx509.c
Log Message:
-----------
crypto: remove duplication loading x509 CA cert
The CA cert is mandatory in both client and server scenarios.
Reviewed-by: Marc-André Lureau <[email protected]>
Signed-off-by: Daniel P. Berrangé <[email protected]>
Commit: e82fccb4a37d84d75ebdbd78d15578a2321870d2
https://github.com/qemu/qemu/commit/e82fccb4a37d84d75ebdbd78d15578a2321870d2
Author: Daniel P. Berrangé <[email protected]>
Date: 2025-11-03 (Mon, 03 Nov 2025)
Changed paths:
M crypto/tlscreds.c
M crypto/tlscredsanon.c
M crypto/tlscredspsk.c
M crypto/tlssession.c
M include/crypto/tlscreds.h
Log Message:
-----------
crypto: reduce duplication in handling TLS priority strings
The logic for setting the TLS priority string on a session object has a
significant amount of logic duplication across the different credential
types. By recording the extra priority string suffix against the
credential class, we can introduce a common method for building the
priority string. The TLS session can now set the priority string without
caring about the credential type.
Reviewed-by: Marc-André Lureau <[email protected]>
Signed-off-by: Daniel P. Berrangé <[email protected]>
Commit: a5d2bf4a875cc83dd10bca2a294f2df9104d874d
https://github.com/qemu/qemu/commit/a5d2bf4a875cc83dd10bca2a294f2df9104d874d
Author: Daniel P. Berrangé <[email protected]>
Date: 2025-11-03 (Mon, 03 Nov 2025)
Changed paths:
M crypto/tlscreds.c
M include/crypto/tlscreds.h
M ui/vnc.c
Log Message:
-----------
crypto: introduce method for reloading TLS creds
This prevents direct access of the class members by the VNC
display code.
Reviewed-by: Marc-André Lureau <[email protected]>
Signed-off-by: Daniel P. Berrangé <[email protected]>
Commit: 51e24d46e0181c42a1be498dea1cc0b473a8a76c
https://github.com/qemu/qemu/commit/51e24d46e0181c42a1be498dea1cc0b473a8a76c
Author: Daniel P. Berrangé <[email protected]>
Date: 2025-11-03 (Mon, 03 Nov 2025)
Changed paths:
M crypto/meson.build
A crypto/tlscredsbox.c
A crypto/tlscredsbox.h
Log Message:
-----------
crypto: introduce a wrapper around gnutls credentials
The gnutls_credentials_set() method has a very surprising API contract
that requires the caller to preserve the passed in credentials pointer
for as long as the gnutls_session_t object is alive. QEMU is failing
to ensure this happens.
In QEMU the GNUTLS credentials object is owned by the QCryptoTLSCreds
object instance while the GNUTLS session object is owned by the
QCryptoTLSSession object instance. Their lifetimes are not guaranteed
to be the same, though in most common usage the credentials will outlive
the session. This is notably not the case, however, after the VNC server
gained the ability to reload credentials on the fly with:
commit 1f08e3415120637cad7f540d9ceb4dba3136dbdd
Author: Zihao Chang <[email protected]>
Date: Tue Mar 16 15:58:44 2021 +0800
vnc: support reload x509 certificates for vnc
If that is triggered while a VNC client is in the middle of performing
a TLS handshake, we might hit a use-after-free.
It is difficult to correct this problem because there's no way to deep-
clone a GNUTLS credentials object, nor is it reference counted. Thus we
introduce a QCryptoTLSCredsBox object whose only purpose is to add
reference counting around the GNUTLS credentials object.
The DH parameters set against a credentials object also have to be kept
alive for as long as the credentials exist. So the box must also hold
the DH parameters pointer.
Reviewed-by: Marc-André Lureau <[email protected]>
Signed-off-by: Daniel P. Berrangé <[email protected]>
Commit: 70f9fd8dbf7233bee497055a9b7825e3729ce853
https://github.com/qemu/qemu/commit/70f9fd8dbf7233bee497055a9b7825e3729ce853
Author: Daniel P. Berrangé <[email protected]>
Date: 2025-11-03 (Mon, 03 Nov 2025)
Changed paths:
M crypto/tlscreds.c
M crypto/tlscredsanon.c
M crypto/tlscredspriv.h
M crypto/tlscredspsk.c
M crypto/tlscredsx509.c
M crypto/tlssession.c
Log Message:
-----------
crypto: fix lifecycle handling of gnutls credentials objects
As described in the previous commit, the gnutls credentials need to
be kept alive for as long as the gnutls session object exists. Convert
the QCryptoTLSCreds objects to use QCryptoTLSCredsBox for holding the
gnutls credential objects. When loading the credentials into a gnutls
session, store a reference to the box into the QCryptoTLSSession object.
This has the useful side effect that the QCryptoTLSSession code no
longer needs to know about all the different credential types, it can
use the generic pointer stored in the box.
Reviewed-by: Marc-André Lureau <[email protected]>
Signed-off-by: Daniel P. Berrangé <[email protected]>
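The two commits above (the QCryptoTLSCredsBox wrapper and its adoption by the credential and session objects) describe a lifetime bug and its fix in prose. The following is an added example, not QEMU's crypto/tlscredsbox.c, that models the same design without gnutls: a counted box owns the backend credentials object and its DH parameters, the credentials holder and every session take references, and a reload swaps the holder's box while a session mid-handshake keeps the old one alive. BackendCreds stands in for gnutls_certificate_credentials_t and the live-object counter exists only so the scenario can be checked; all type and function names here are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for gnutls_certificate_credentials_t (constructed, not gnutls). */
typedef struct {
    int generation;                 /* which (re)load created this object */
} BackendCreds;

static int live_backend_creds = 0;  /* how many BackendCreds are allocated */

static BackendCreds *backend_creds_new(int generation)
{
    BackendCreds *c = calloc(1, sizeof(*c));
    c->generation = generation;
    live_backend_creds++;
    return c;
}

static void backend_creds_free(BackendCreds *c)
{
    live_backend_creds--;
    free(c);
}

/*
 * The box is the only owner of the backend credentials and of the DH
 * parameters tied to them; everyone else holds a counted reference.
 */
typedef struct {
    int refs;
    BackendCreds *creds;
    void *dh_params;                /* must outlive creds; placeholder here */
} CredsBox;

static CredsBox *creds_box_new(int generation)
{
    CredsBox *box = calloc(1, sizeof(*box));
    box->refs = 1;
    box->creds = backend_creds_new(generation);
    box->dh_params = calloc(1, 16);
    return box;
}

static CredsBox *creds_box_ref(CredsBox *box)
{
    box->refs++;
    return box;
}

static void creds_box_unref(CredsBox *box)
{
    if (--box->refs > 0) {
        return;
    }
    backend_creds_free(box->creds); /* released only after the last user */
    free(box->dh_params);
    free(box);
}

/* Roles of QCryptoTLSCreds (holder) and QCryptoTLSSession (user). */
typedef struct { CredsBox *box; int generation; } TlsCreds;
typedef struct { CredsBox *box; } TlsSession;

static TlsCreds *tls_creds_new(void)
{
    TlsCreds *c = calloc(1, sizeof(*c));
    c->generation = 1;
    c->box = creds_box_new(c->generation);
    return c;
}

/* Reload: install a fresh box; the old one lives on while sessions use it. */
static void tls_creds_reload(TlsCreds *c)
{
    CredsBox *old = c->box;
    c->box = creds_box_new(++c->generation);
    creds_box_unref(old);
}

static void tls_creds_free(TlsCreds *c)
{
    creds_box_unref(c->box);
    free(c);
}

/* A session pins the box it started its handshake with. */
static TlsSession *tls_session_new(TlsCreds *c)
{
    TlsSession *s = calloc(1, sizeof(*s));
    s->box = creds_box_ref(c->box);
    return s;
}

static int tls_session_creds_generation(const TlsSession *s)
{
    return s->box->creds->generation;
}

static void tls_session_free(TlsSession *s)
{
    creds_box_unref(s->box);
    free(s);
}

static int live_backend_count(void)
{
    return live_backend_creds;
}

/*
 * The scenario from the commit message: credentials reloaded while a
 * session is mid-handshake.  Returns 1 if the session kept a valid object
 * throughout and nothing leaked afterwards, 0 otherwise.
 */
static int demo_reload_during_handshake(void)
{
    int ok = 1;
    TlsCreds *creds = tls_creds_new();
    TlsSession *session = tls_session_new(creds);   /* handshake starts */

    tls_creds_reload(creds);                        /* e.g. VNC cert reload */
    ok &= live_backend_count() == 2;                /* old object still alive */
    ok &= tls_session_creds_generation(session) == 1;
    ok &= creds->box->creds->generation == 2;       /* new sessions get the new one */

    tls_session_free(session);                      /* handshake finishes */
    ok &= live_backend_count() == 1;                /* old object released now */
    tls_creds_free(creds);
    ok &= live_backend_count() == 0;
    return ok;
}

int main(void)
{
    printf("reload during handshake: %s\n",
           demo_reload_during_handshake() ? "safe" : "use-after-free or leak");
    return 0;
}
```

Without the box, the reload would have to choose between freeing the old credentials (the use-after-free the commit describes) and never freeing them (a leak on every reload); the reference count is what makes the "free when the last session is done" rule expressible.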
Commit: fac244b0190bbffa7ff6811549ff1cea1ecbb3a1
https://github.com/qemu/qemu/commit/fac244b0190bbffa7ff6811549ff1cea1ecbb3a1
Author: Daniel P. Berrangé <[email protected]>
Date: 2025-11-03 (Mon, 03 Nov 2025)
Changed paths:
M crypto/tlscredsanon.c
M crypto/tlscredspriv.h
M crypto/tlscredspsk.c
M crypto/tlscredsx509.c
Log Message:
-----------
crypto: make TLS credentials structs private
Now that the TLS session code no longer needs to look at the TLS
credential structs, they can be made private.
Reviewed-by: Marc-André Lureau <[email protected]>
Signed-off-by: Daniel P. Berrangé <[email protected]>
Commit: d58f9b20c71caec2a4ce271dadb5d6a6d9444875
https://github.com/qemu/qemu/commit/d58f9b20c71caec2a4ce271dadb5d6a6d9444875
Author: Daniel P. Berrangé <[email protected]>
Date: 2025-11-03 (Mon, 03 Nov 2025)
Changed paths:
M crypto/tlscreds.c
M crypto/tlscredsanon.c
M crypto/tlscredspsk.c
M crypto/tlscredsx509.c
M docs/about/deprecated.rst
M docs/system/tls.rst
Log Message:
-----------
crypto: deprecate use of external dh-params.pem file
GNUTLS has deprecated use of externally provided diffie-hellman
parameters. Since 3.6.0 it will automatically negotiate DH params
in accordance with RFC7919.
Reviewed-by: Marc-André Lureau <[email protected]>
Signed-off-by: Daniel P. Berrangé <[email protected]>
Commit: aeac275c114b52151642488dfcc7894631256289
https://github.com/qemu/qemu/commit/aeac275c114b52151642488dfcc7894631256289
Author: Daniel P. Berrangé <[email protected]>
Date: 2025-11-03 (Mon, 03 Nov 2025)
Changed paths:
M crypto/tlscredsx509.c
Log Message:
-----------
crypto: avoid loading the CA certs twice
The x509 TLS credentials code will load the CA certs once to perform
sanity checking on the certs, then discard the certificate objects
and let gnutls load them a second time.
This introduces a new QCryptoTLSCredsX509Files struct which will
hold the CA certificates loaded for sanity checking and pass them on
to gnutls, avoiding the duplicated loading.
Reviewed-by: Marc-André Lureau <[email protected]>
Signed-off-by: Daniel P. Berrangé <[email protected]>
Commit: 8031b5fb1a6efb57df36d41917932516894ae641
https://github.com/qemu/qemu/commit/8031b5fb1a6efb57df36d41917932516894ae641
Author: Daniel P. Berrangé <[email protected]>
Date: 2025-11-03 (Mon, 03 Nov 2025)
Changed paths:
M crypto/tlscredsx509.c
M tests/unit/test-crypto-tlscredsx509.c
Log Message:
-----------
crypto: avoid loading the identity certs twice
The x509 TLS credentials code will load the identity certs once to
perform sanity checking on the certs, then discard the certificate
objects and let gnutls load them a second time.
This extends the previous QCryptoTLSCredsX509Files struct to also
hold the identity certificates & key loaded for sanity checking
and pass them on to gnutls, avoiding the duplicated loading.
The unit tests need updating because we now correctly diagnose the
error scenario where the cert PEM file exists, without its matching
key PEM file. Previously that error was mistakenly ignored.
Reviewed-by: Marc-André Lureau <[email protected]>
Signed-off-by: Daniel P. Berrangé <[email protected]>
Commit: c497a51481cf725d86d3f302a6397c2cb446d0bb
https://github.com/qemu/qemu/commit/c497a51481cf725d86d3f302a6397c2cb446d0bb
Author: Daniel P. Berrangé <[email protected]>
Date: 2025-11-03 (Mon, 03 Nov 2025)
Changed paths:
M crypto/tlscredsx509.c
Log Message:
-----------
crypto: expand logic to cope with multiple certificate identities
Currently only a single set of certificates can be loaded for a
server / client. Certificates are created using a particular
key algorithm and in some scenarios it can be useful to support
multiple algorithms in parallel. This requires the ability to
load multiple sets of certificates.
Reviewed-by: Marc-André Lureau <[email protected]>
Signed-off-by: Daniel P. Berrangé <[email protected]>
Commit: 211fc7e416d5661a8f6bd3cc8de7d1a68e07426c
https://github.com/qemu/qemu/commit/211fc7e416d5661a8f6bd3cc8de7d1a68e07426c
Author: Daniel P. Berrangé <[email protected]>
Date: 2025-11-03 (Mon, 03 Nov 2025)
Changed paths:
M crypto/tlscreds.c
M crypto/tlscredspriv.h
M crypto/tlscredsx509.c
M crypto/tlssession.c
M crypto/trace-events
M docs/system/tls.rst
M include/crypto/tlscredsx509.h
Log Message:
-----------
crypto: support up to 5 parallel certificate identities
The default (required) identity is stored in server-cert.pem /
client-cert.pem and server-key.pem / client-key.pem.
The 4 extra (optional) identities are stored in server-cert-$N.pem /
client-cert-$N.pem and server-key-$N.pem / client-key-$N.pem. The
numbering starts at 0 and the first missing cert/key pair will
terminate the loading process.
Reviewed-by: Marc-André Lureau <[email protected]>
Signed-off-by: Daniel P. Berrangé <[email protected]>
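The commit above defines the file naming and the stop rule for extra identities, the earlier "avoid loading the identity certs twice" commit notes that a cert without its matching key is now diagnosed rather than ignored, and "move check for TLS creds 'dir' property" makes the directory mandatory. The following is an added example, not QEMU's crypto/tlscredsx509.c, that implements just that directory scan: find_identities() enumerates <endpoint>-cert.pem / <endpoint>-key.pem and then the numbered pairs starting at 0, stopping at the first pair where neither file exists and failing when only one half of a pair is present. The fixture directories are constructed with placeholder files, so nothing is parsed as PEM; the function names and the 512-byte path buffers are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

enum { MAX_IDENTITIES = 5, PATH_LEN = 512 };

typedef struct {
    char cert[PATH_LEN];
    char key[PATH_LEN];
} IdentityPaths;

static int readable(const char *path)
{
    return access(path, R_OK) == 0;     /* readability is what matters here */
}

/*
 * Enumerate identities in `dir` for `endpoint` ("server" or "client").
 * The unnumbered pair is mandatory; numbered pairs -0, -1, ... are optional
 * and the first N with neither file ends the scan.  A cert without its key
 * (or vice versa) is an error, not something to skip.
 * Returns the number of identities found, or -1 with `err` filled in.
 */
static int find_identities(const char *dir, const char *endpoint,
                           IdentityPaths out[MAX_IDENTITIES],
                           char *err, size_t errlen)
{
    int found = 0, n;

    if (dir == NULL) {
        snprintf(err, errlen, "the 'dir' property is mandatory for x509 credentials");
        return -1;
    }
    for (n = -1; n < MAX_IDENTITIES - 1; n++) {
        IdentityPaths *id = &out[found];
        int have_cert, have_key;

        if (n < 0) {
            snprintf(id->cert, PATH_LEN, "%s/%s-cert.pem", dir, endpoint);
            snprintf(id->key, PATH_LEN, "%s/%s-key.pem", dir, endpoint);
        } else {
            snprintf(id->cert, PATH_LEN, "%s/%s-cert-%d.pem", dir, endpoint, n);
            snprintf(id->key, PATH_LEN, "%s/%s-key-%d.pem", dir, endpoint, n);
        }
        have_cert = readable(id->cert);
        have_key = readable(id->key);
        if (!have_cert && !have_key) {
            if (n < 0) {
                snprintf(err, errlen, "mandatory identity missing: %s", id->cert);
                return -1;
            }
            break;                      /* first missing pair ends the scan */
        }
        if (have_cert != have_key) {
            snprintf(err, errlen, "%s present but %s missing",
                     have_cert ? id->cert : id->key,
                     have_cert ? id->key : id->cert);
            return -1;
        }
        found++;
    }
    return found;
}

/* Constructed fixture: a temp dir holding empty placeholder files. */
static int make_fixture(char *dir, size_t dirlen, const char *const *names, int count)
{
    char tmpl[] = "/tmp/tlscreds-XXXXXX";
    int i;

    if (mkdtemp(tmpl) == NULL) {
        return -1;
    }
    snprintf(dir, dirlen, "%s", tmpl);
    for (i = 0; i < count; i++) {
        char path[PATH_LEN];
        FILE *f;
        snprintf(path, sizeof(path), "%s/%s", dir, names[i]);
        f = fopen(path, "w");
        if (f == NULL) {
            return -1;
        }
        fputs("placeholder, not a real PEM file\n", f);
        fclose(f);
    }
    return 0;
}

static void remove_fixture(const char *dir, const char *const *names, int count)
{
    int i;
    for (i = 0; i < count; i++) {
        char path[PATH_LEN];
        snprintf(path, sizeof(path), "%s/%s", dir, names[i]);
        unlink(path);
    }
    rmdir(dir);
}

static int run_scan(const char *const *names, int count, char *err, size_t errlen)
{
    char dir[PATH_LEN];
    IdentityPaths ids[MAX_IDENTITIES];
    int found;

    if (make_fixture(dir, sizeof(dir), names, count) == -1) {
        return -99;                     /* fixture could not be created */
    }
    found = find_identities(dir, "server", ids, err, errlen);
    remove_fixture(dir, names, count);
    return found;
}

/* Default pair plus -0 and -1; a -3 pair exists but the gap at 2 stops the scan. */
static int demo_three_identities(void)
{
    static const char *const files[] = {
        "server-cert.pem", "server-key.pem",
        "server-cert-0.pem", "server-key-0.pem",
        "server-cert-1.pem", "server-key-1.pem",
        "server-cert-3.pem", "server-key-3.pem",
    };
    char err[PATH_LEN];
    return run_scan(files, 8, err, sizeof(err));
}

/* A numbered cert whose key is absent must be diagnosed, not ignored. */
static int demo_orphan_cert(void)
{
    static const char *const files[] = {
        "server-cert.pem", "server-key.pem", "server-cert-0.pem",
    };
    char err[PATH_LEN];
    return run_scan(files, 3, err, sizeof(err));
}

int main(void)
{
    printf("complete layout: %d identities\n", demo_three_identities());
    printf("orphan cert layout: %d (expected -1)\n", demo_orphan_cert());
    return 0;
}
```

The orphan-cert case is the one the unit-test update in "avoid loading the identity certs twice" refers to: a scan that silently skips an incomplete pair would leave a server advertising fewer identities than its operator configured, with no error to show for it.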
Commit: 2aaca8c6d22b18786ceff51189704113d0639590
https://github.com/qemu/qemu/commit/2aaca8c6d22b18786ceff51189704113d0639590
Author: Daniel P. Berrangé <[email protected]>
Date: 2025-11-03 (Mon, 03 Nov 2025)
Changed paths:
M docs/system/tls.rst
Log Message:
-----------
docs: creation of x509 certs compliant with post-quantum crypto
Explain how to alter the certtool commands for creating certificates,
so that they can use algorithms that are compliant with post-quantum
cryptography standards.
Reviewed-by: Marc-André Lureau <[email protected]>
Signed-off-by: Daniel P. Berrangé <[email protected]>
Commit: e9c692eabbbb7f395347605a6ef33a32d398ea25
https://github.com/qemu/qemu/commit/e9c692eabbbb7f395347605a6ef33a32d398ea25
Author: Richard Henderson <[email protected]>
Date: 2025-11-04 (Tue, 04 Nov 2025)
Changed paths:
M crypto/cipher-gnutls.c.inc
M crypto/cipher-nettle.c.inc
M crypto/cipher.c
M crypto/hash.c
M crypto/hmac.c
M crypto/meson.build
M crypto/tlscreds.c
M crypto/tlscredsanon.c
A crypto/tlscredsbox.c
A crypto/tlscredsbox.h
M crypto/tlscredspriv.h
M crypto/tlscredspsk.c
M crypto/tlscredsx509.c
M crypto/tlssession.c
M crypto/trace-events
R crypto/xts.c
M docs/about/deprecated.rst
M docs/system/tls.rst
M include/crypto/hash.h
M include/crypto/hmac.h
M include/crypto/tlscreds.h
M include/crypto/tlscredsx509.h
M include/crypto/tlssession.h
R include/crypto/xts.h
M include/io/channel-socket.h
M include/io/channel.h
A include/qemu/exit-with-parent.h
M io/channel-socket.c
M io/channel-tls.c
M io/channel.c
M meson.build
M qemu-options.hx
A system/exit-with-parent.c
M system/meson.build
M system/vl.c
M tests/qtest/libqtest.c
M tests/unit/meson.build
M tests/unit/test-crypto-block.c
M tests/unit/test-crypto-tlscredsx509.c
M tests/unit/test-crypto-tlssession.c
R tests/unit/test-crypto-xts.c
M ui/vnc.c
Log Message:
-----------
Merge tag 'next-pr-pull-request' of https://gitlab.com/berrange/qemu into
staging
Merge crypto and other misc fixes / features
* Increase minimum gnutls to 3.7.5
* Increase minimum libgcrypt to 1.9.4
* Increase minimum nettle to 3.7.3
* Drop obsolete in-tree XTS impl
* Fix memory leak when loading certificates
* Remove/reduce duplication when loading certificates
* Fix possible crash when certificates are unloaded
while an active TLS connection is using them in a
TLS handshake operation
* Deprecate use of dh-params.pem file
* Document how to create certificates with Post-Quantum
Cryptography compliant algorithms.
* Support loading multiple certificate identities to
allow support for Post-Quantum crypto in parallel
with traditional RSA/ECC
* Add "-run-with exit-with-parent=on" parameter
* Flush pending errors when seeing ENOBUFS with
a zero-copy send attempt
* Fix data buffer parameters in hash & IO channel APIs
to use 'void *'
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEE2vOm/bJrYpEtDo4/vobrtBUQT98FAmkIr/8ACgkQvobrtBUQ
# T9+2RhAAhEak/krdlTJw8OlJonUop7G5mlLU2TEoX0duRORcFhScsdSwb2pyc/wM
# tnwfWXsnsKFItJx1y3STkOICtdNqizGoU3+c7wl4anQBurydu+XTs4ESBtVJtMYr
# 1lTYvp0HFyKvaXwDWKE+ztltlJiog51tHPDLUIBCnyJysLVqxCHMHmkbG46IPBZo
# A2XXxp3j/VBPmhls0JHpbAD4iVE3PChdK7zhyeGe/rld9+0JA12EPCvZ5Uokdj41
# aYP/okvnVH1atucoygPdDE3P5GYBKaSXZUWqzfkKhU7FgaF2863Td7ff1ip+WyWN
# FFPNEU1hVg+T5hfsZVQmmIFDdSJWqoZaZM/WJVYdrRY4dKUCPnJ9OINbbnhuWz5E
# JFmZOPibRZKQ44XcHX49JRfJEBvoq1z9OT1r7HkEP4D9/O7V/riIunbAESMk0sgi
# 0/fatvdhNKMN6YBQM3mtN3yNOcfRSWFtSy9XS9zDjdpEKT7ui2t9FC0ZNSP0FRkS
# aTY31FyacjHwU3zaoh6NoqqpxV9wwHrgsJwNbA/IztjmX/jvGG0Gb/sXVEqM59tR
# e3VWTmlmZ1T8OLImh1hG4t+nY+XzI64QpVX8H9RCGm21o28DyTcOnTFK4OyIfWe5
# ttnNfEJN8WCVCsA8tcM8yAbZ/0qXrYfiZSO7hq79wE7LvyholAQ=
# =9ESG
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 03 Nov 2025 02:37:03 PM CET
# gpg: using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <[email protected]>" [unknown]
# gpg: aka "Daniel P. Berrange <[email protected]>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF
* tag 'next-pr-pull-request' of https://gitlab.com/berrange/qemu: (32 commits)
docs: creation of x509 certs compliant with post-quantum crypto
crypto: support up to 5 parallel certificate identities
crypto: expand logic to cope with multiple certificate identities
crypto: avoid loading the identity certs twice
crypto: avoid loading the CA certs twice
crypto: deprecate use of external dh-params.pem file
crypto: make TLS credentials structs private
crypto: fix lifecycle handling of gnutls credentials objects
crypto: introduce a wrapper around gnutls credentials
crypto: introduce method for reloading TLS creds
crypto: reduce duplication in handling TLS priority strings
crypto: remove duplication loading x509 CA cert
crypto: shorten the endpoint == server check in TLS creds
crypto: move release of DH parameters into TLS creds parent
crypto: remove needless indirection via parent_obj field
crypto: use g_autofree when loading x509 credentials
crypto: move check for TLS creds 'dir' property
crypto: remove redundant access() checks before loading certs
crypto: replace stat() with access() for credential checks
crypto: add missing free of certs array
...
Signed-off-by: Richard Henderson <[email protected]>
Compare: https://github.com/qemu/qemu/compare/7ae004869aff...e9c692eabbbb