Merge misc fixes

A collection of patches I have fixing crypto code and other pieces without an assigned maintainer * Fixes crypto function signatures to be compatible with both old and new versions of nettle * Fixes deprecation warnings on new nettle * Fixes GPL license header typos * Documents security implications of monitor usage * Optimize linking of capstone to avoid it in tools -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEE2vOm/bJrYpEtDo4/vobrtBUQT98FAl0xxJUACgkQvobrtBUQ T98e/g/+MG0T2JUWs3RiG32frJQSogLle112Nyyoonbbf1nmJ2gBUfURR8b33eCH R+iS6NUoeeo7MxZ7DZDWJhAzqhJS/HwMtfBBf0JmpWZkRS9iitUAoPPMYOb+gYe/ xEPW13AKAR2PgDBzpnIdN36x3WWo87vuA5x56qtdK7NYHWzS2GHjI4hzqI3+t9xB E7f3KWIHpNAXdnHlaweMu/qZ9Md+Zu4GbJQzsVGRR7PGSCKq50GEf3ssk6RFd3Hh dtz/oZiRlfDXwlJTaI8pW/JsvUyJtFG/iQjOiRYkvKnKxdskJki9v+fB/cv8220o ytGQKdFfc+E2+qFWd+OBZbExeRO2SYVKF9aLQiNeESKEL/UpVpJs1MO7FDN5CoNy 6+PU7gVVjV40XVOLHdVza5wRwencR2fUmewE4INcFfiMqad8rbOZoCcodkfIxFpI UAj6js2/DfSMbrXL+7X9L2URUO1NS6YuB2OdP9E04IDTkGLdIs+3G56nZUM+E8eu Fhw1BMG6d4ytxF6QOtPCTJ7gwHMZWE3A64pwwMFZaDyCF++aIeVgpIvGNNSgOIVG tQIQ7WihDCuIgHFvd2tUSrLCVq6pDOWeiYde56AfrFJg34+GrsUlnrT38Us+aVaB rKC/bSO88y4Swz58PH2QvX0Sd1+yvcrk0GZEcNIRWXJUfhx/GTk= =iE4/ -----END PGP SIGNATURE----- Merge remote-tracking branch 'remotes/berrange/tags/misc-next-pull-request' into staging Merge misc fixes A collection of patches I have fixing crypto code and other pieces without an assigned maintainer * Fixes crypto function signatures to be compatible with both old and new versions of nettle * Fixes deprecation warnings on new nettle * Fixes GPL license header typos * Documents security implications of monitor usage * Optimize linking of capstone to avoid it in tools # gpg: Signature made Fri 19 Jul 2019 14:24:37 BST # gpg: using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF # gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full] # gpg: aka "Daniel P. Berrange <berrange@redhat.com>" [full] # Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF * remotes/berrange/tags/misc-next-pull-request: crypto: Fix LGPL information in the file headers doc: document that the monitor console is a privileged control interface configure: only link capstone to emulation targets crypto: fix function signatures for nettle 2.7 vs 3 crypto: switch to modern nettle AES APIs Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-07-19 14:29:13 +01:00 · 2019-07-19 14:29:13 +01:00 · e2b47666fe
parent c054147ecc b7cbb8741b
commit e2b47666fe
56 changed files with 300 additions and 98 deletions
--- a/Makefile.target
+++ b/Makefile.target
@ -120,6 +120,7 @@ obj-$(CONFIG_TCG) += fpu/softfloat.o
 obj-y += target/$(TARGET_BASE_ARCH)/
 obj-y += disas.o
 obj-$(call notempty,$(TARGET_XML_FILES)) += gdbstub-xml.o
+LIBS := $(libs_cpu) $(LIBS)

 #########################################################
 # Linux user emulator target
--- a/6
+++ b/6
@ -294,6 +294,7 @@ audio_drv_list=""
 block_drv_rw_whitelist=""
 block_drv_ro_whitelist=""
 host_cc="cc"
+libs_cpu=""
 libs_softmmu=""
 libs_tools=""
 audio_pt_int=""
@ -5042,12 +5043,12 @@ case "$capstone" in
    else
      LIBCAPSTONE=libcapstone.a
    fi
-    LIBS="-L\$(BUILD_DIR)/capstone -lcapstone $LIBS"
+    libs_cpu="-L\$(BUILD_DIR)/capstone -lcapstone $libs_cpu"
    ;;

  system)
    QEMU_CFLAGS="$QEMU_CFLAGS $($pkg_config --cflags capstone)"
-    LIBS="$($pkg_config --libs capstone) $LIBS"
+    libs_cpu="$($pkg_config --libs capstone) $libs_cpu"
    ;;

  no)
@ -6537,6 +6538,7 @@ echo "qemu_helperdir=$libexecdir" >> $config_host_mak
 echo "qemu_localedir=$qemu_localedir" >> $config_host_mak
 echo "qemu_icondir=$qemu_icondir" >> $config_host_mak
 echo "qemu_desktopdir=$qemu_desktopdir" >> $config_host_mak
+echo "libs_cpu=$libs_cpu" >> $config_host_mak
 echo "libs_softmmu=$libs_softmmu" >> $config_host_mak
 echo "GIT=$git" >> $config_host_mak
 echo "GIT_SUBMODULES=$git_submodules" >> $config_host_mak
--- a/crypto/block-luks.c
+++ b/crypto/block-luks.c
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/crypto/block-luks.h
+++ b/crypto/block-luks.h
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/crypto/block-qcow.c
+++ b/crypto/block-qcow.c
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/crypto/block-qcow.h
+++ b/crypto/block-qcow.h
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/crypto/block.c
+++ b/crypto/block.c
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/crypto/blockpriv.h
+++ b/crypto/blockpriv.h
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/crypto/cipher-builtin.c
+++ b/crypto/cipher-builtin.c
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/crypto/cipher-gcrypt.c
+++ b/crypto/cipher-gcrypt.c
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/crypto/cipher-nettle.c
+++ b/crypto/cipher-nettle.c
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
@ -42,29 +42,89 @@ typedef void *       cipher_ctx_t;
 typedef unsigned     cipher_length_t;

 #define cast5_set_key cast128_set_key
+
+#define aes128_ctx aes_ctx
+#define aes192_ctx aes_ctx
+#define aes256_ctx aes_ctx
+#define aes128_set_encrypt_key(c, k) \
+    aes_set_encrypt_key(c, 16, k)
+#define aes192_set_encrypt_key(c, k) \
+    aes_set_encrypt_key(c, 24, k)
+#define aes256_set_encrypt_key(c, k) \
+    aes_set_encrypt_key(c, 32, k)
+#define aes128_set_decrypt_key(c, k) \
+    aes_set_decrypt_key(c, 16, k)
+#define aes192_set_decrypt_key(c, k) \
+    aes_set_decrypt_key(c, 24, k)
+#define aes256_set_decrypt_key(c, k) \
+    aes_set_decrypt_key(c, 32, k)
+#define aes128_encrypt aes_encrypt
+#define aes192_encrypt aes_encrypt
+#define aes256_encrypt aes_encrypt
+#define aes128_decrypt aes_decrypt
+#define aes192_decrypt aes_decrypt
+#define aes256_decrypt aes_decrypt
 #else
 typedef nettle_cipher_func * QCryptoCipherNettleFuncNative;
 typedef const void * cipher_ctx_t;
 typedef size_t       cipher_length_t;
 #endif

-typedef struct QCryptoNettleAES {
-    struct aes_ctx enc;
-    struct aes_ctx dec;
-} QCryptoNettleAES;
+typedef struct QCryptoNettleAES128 {
+    struct aes128_ctx enc;
+    struct aes128_ctx dec;
+} QCryptoNettleAES128;

-static void aes_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
-                               uint8_t *dst, const uint8_t *src)
+typedef struct QCryptoNettleAES192 {
+    struct aes192_ctx enc;
+    struct aes192_ctx dec;
+} QCryptoNettleAES192;
+
+typedef struct QCryptoNettleAES256 {
+    struct aes256_ctx enc;
+    struct aes256_ctx dec;
+} QCryptoNettleAES256;
+
+static void aes128_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
+                                  uint8_t *dst, const uint8_t *src)
 {
-    const QCryptoNettleAES *aesctx = ctx;
-    aes_encrypt(&aesctx->enc, length, dst, src);
+    const QCryptoNettleAES128 *aesctx = ctx;
+    aes128_encrypt(&aesctx->enc, length, dst, src);
 }

-static void aes_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
+static void aes128_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
+                                  uint8_t *dst, const uint8_t *src)
+{
+    const QCryptoNettleAES128 *aesctx = ctx;
+    aes128_decrypt(&aesctx->dec, length, dst, src);
+}
+
+static void aes192_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
                               uint8_t *dst, const uint8_t *src)
 {
-    const QCryptoNettleAES *aesctx = ctx;
-    aes_decrypt(&aesctx->dec, length, dst, src);
+    const QCryptoNettleAES192 *aesctx = ctx;
+    aes192_encrypt(&aesctx->enc, length, dst, src);
+}
+
+static void aes192_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
+                               uint8_t *dst, const uint8_t *src)
+{
+    const QCryptoNettleAES192 *aesctx = ctx;
+    aes192_decrypt(&aesctx->dec, length, dst, src);
+}
+
+static void aes256_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
+                               uint8_t *dst, const uint8_t *src)
+{
+    const QCryptoNettleAES256 *aesctx = ctx;
+    aes256_encrypt(&aesctx->enc, length, dst, src);
+}
+
+static void aes256_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
+                               uint8_t *dst, const uint8_t *src)
+{
+    const QCryptoNettleAES256 *aesctx = ctx;
+    aes256_decrypt(&aesctx->dec, length, dst, src);
 }

 static void des_encrypt_native(cipher_ctx_t ctx, cipher_length_t length,
@ -127,18 +187,46 @@ static void twofish_decrypt_native(cipher_ctx_t ctx, cipher_length_t length,
    twofish_decrypt(ctx, length, dst, src);
 }

-static void aes_encrypt_wrapper(const void *ctx, size_t length,
+static void aes128_encrypt_wrapper(const void *ctx, size_t length,
                                uint8_t *dst, const uint8_t *src)
 {
-    const QCryptoNettleAES *aesctx = ctx;
-    aes_encrypt(&aesctx->enc, length, dst, src);
+    const QCryptoNettleAES128 *aesctx = ctx;
+    aes128_encrypt(&aesctx->enc, length, dst, src);
 }

-static void aes_decrypt_wrapper(const void *ctx, size_t length,
+static void aes128_decrypt_wrapper(const void *ctx, size_t length,
                                uint8_t *dst, const uint8_t *src)
 {
-    const QCryptoNettleAES *aesctx = ctx;
-    aes_decrypt(&aesctx->dec, length, dst, src);
+    const QCryptoNettleAES128 *aesctx = ctx;
+    aes128_decrypt(&aesctx->dec, length, dst, src);
+}
+
+static void aes192_encrypt_wrapper(const void *ctx, size_t length,
+                                uint8_t *dst, const uint8_t *src)
+{
+    const QCryptoNettleAES192 *aesctx = ctx;
+    aes192_encrypt(&aesctx->enc, length, dst, src);
+}
+
+static void aes192_decrypt_wrapper(const void *ctx, size_t length,
+                                uint8_t *dst, const uint8_t *src)
+{
+    const QCryptoNettleAES192 *aesctx = ctx;
+    aes192_decrypt(&aesctx->dec, length, dst, src);
+}
+
+static void aes256_encrypt_wrapper(const void *ctx, size_t length,
+                                uint8_t *dst, const uint8_t *src)
+{
+    const QCryptoNettleAES256 *aesctx = ctx;
+    aes256_encrypt(&aesctx->enc, length, dst, src);
+}
+
+static void aes256_decrypt_wrapper(const void *ctx, size_t length,
+                                uint8_t *dst, const uint8_t *src)
+{
+    const QCryptoNettleAES256 *aesctx = ctx;
+    aes256_decrypt(&aesctx->dec, length, dst, src);
 }

 static void des_encrypt_wrapper(const void *ctx, size_t length,
@ -319,34 +407,94 @@ static QCryptoCipherNettle *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg,
        break;

    case QCRYPTO_CIPHER_ALG_AES_128:
-    case QCRYPTO_CIPHER_ALG_AES_192:
-    case QCRYPTO_CIPHER_ALG_AES_256:
-        ctx->ctx = g_new0(QCryptoNettleAES, 1);
+        ctx->ctx = g_new0(QCryptoNettleAES128, 1);

        if (mode == QCRYPTO_CIPHER_MODE_XTS) {
-            ctx->ctx_tweak = g_new0(QCryptoNettleAES, 1);
+            ctx->ctx_tweak = g_new0(QCryptoNettleAES128, 1);

            nkey /= 2;
-            aes_set_encrypt_key(&((QCryptoNettleAES *)ctx->ctx)->enc,
-                                nkey, key);
-            aes_set_decrypt_key(&((QCryptoNettleAES *)ctx->ctx)->dec,
-                                nkey, key);
+            aes128_set_encrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->enc,
+                                   key);
+            aes128_set_decrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->dec,
+                                   key);

-            aes_set_encrypt_key(&((QCryptoNettleAES *)ctx->ctx_tweak)->enc,
-                                nkey, key + nkey);
-            aes_set_decrypt_key(&((QCryptoNettleAES *)ctx->ctx_tweak)->dec,
-                                nkey, key + nkey);
+            aes128_set_encrypt_key(&((QCryptoNettleAES128 *)ctx->ctx_tweak)->
+                                   enc, key + nkey);
+            aes128_set_decrypt_key(&((QCryptoNettleAES128 *)ctx->ctx_tweak)->
+                                   dec, key + nkey);
        } else {
-            aes_set_encrypt_key(&((QCryptoNettleAES *)ctx->ctx)->enc,
-                                nkey, key);
-            aes_set_decrypt_key(&((QCryptoNettleAES *)ctx->ctx)->dec,
-                                nkey, key);
+            aes128_set_encrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->enc,
+                                   key);
+            aes128_set_decrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->dec,
+                                   key);
        }

-        ctx->alg_encrypt_native = aes_encrypt_native;
-        ctx->alg_decrypt_native = aes_decrypt_native;
-        ctx->alg_encrypt_wrapper = aes_encrypt_wrapper;
-        ctx->alg_decrypt_wrapper = aes_decrypt_wrapper;
+        ctx->alg_encrypt_native = aes128_encrypt_native;
+        ctx->alg_decrypt_native = aes128_decrypt_native;
+        ctx->alg_encrypt_wrapper = aes128_encrypt_wrapper;
+        ctx->alg_decrypt_wrapper = aes128_decrypt_wrapper;
+
+        ctx->blocksize = AES_BLOCK_SIZE;
+        break;
+
+    case QCRYPTO_CIPHER_ALG_AES_192:
+        ctx->ctx = g_new0(QCryptoNettleAES192, 1);
+
+        if (mode == QCRYPTO_CIPHER_MODE_XTS) {
+            ctx->ctx_tweak = g_new0(QCryptoNettleAES192, 1);
+
+            nkey /= 2;
+            aes192_set_encrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->enc,
+                                   key);
+            aes192_set_decrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->dec,
+                                   key);
+
+            aes192_set_encrypt_key(&((QCryptoNettleAES192 *)ctx->ctx_tweak)->
+                                   enc, key + nkey);
+            aes192_set_decrypt_key(&((QCryptoNettleAES192 *)ctx->ctx_tweak)->
+                                   dec, key + nkey);
+        } else {
+            aes192_set_encrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->enc,
+                                   key);
+            aes192_set_decrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->dec,
+                                   key);
+        }
+
+        ctx->alg_encrypt_native = aes192_encrypt_native;
+        ctx->alg_decrypt_native = aes192_decrypt_native;
+        ctx->alg_encrypt_wrapper = aes192_encrypt_wrapper;
+        ctx->alg_decrypt_wrapper = aes192_decrypt_wrapper;
+
+        ctx->blocksize = AES_BLOCK_SIZE;
+        break;
+
+    case QCRYPTO_CIPHER_ALG_AES_256:
+        ctx->ctx = g_new0(QCryptoNettleAES256, 1);
+
+        if (mode == QCRYPTO_CIPHER_MODE_XTS) {
+            ctx->ctx_tweak = g_new0(QCryptoNettleAES256, 1);
+
+            nkey /= 2;
+            aes256_set_encrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->enc,
+                                   key);
+            aes256_set_decrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->dec,
+                                   key);
+
+            aes256_set_encrypt_key(&((QCryptoNettleAES256 *)ctx->ctx_tweak)->
+                                   enc, key + nkey);
+            aes256_set_decrypt_key(&((QCryptoNettleAES256 *)ctx->ctx_tweak)->
+                                   dec, key + nkey);
+        } else {
+            aes256_set_encrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->enc,
+                                   key);
+            aes256_set_decrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->dec,
+                                   key);
+        }
+
+        ctx->alg_encrypt_native = aes256_encrypt_native;
+        ctx->alg_decrypt_native = aes256_decrypt_native;
+        ctx->alg_encrypt_wrapper = aes256_encrypt_wrapper;
+        ctx->alg_decrypt_wrapper = aes256_decrypt_wrapper;

        ctx->blocksize = AES_BLOCK_SIZE;
        break;
--- a/crypto/cipher.c
+++ b/crypto/cipher.c
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/crypto/hash-gcrypt.c
+++ b/crypto/hash-gcrypt.c
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/crypto/hash-glib.c
+++ b/crypto/hash-glib.c
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/crypto/hash-nettle.c
+++ b/crypto/hash-nettle.c
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
@ -26,12 +26,18 @@
 #include <nettle/sha.h>
 #include <nettle/ripemd160.h>

+#if CONFIG_NETTLE_VERSION_MAJOR < 3
+typedef unsigned int     hash_length_t;
+#else
+typedef size_t       hash_length_t;
+#endif
+
 typedef void (*qcrypto_nettle_init)(void *ctx);
 typedef void (*qcrypto_nettle_write)(void *ctx,
-                                     unsigned int len,
+                                     hash_length_t len,
                                     const uint8_t *buf);
 typedef void (*qcrypto_nettle_result)(void *ctx,
-                                      unsigned int len,
+                                      hash_length_t len,
                                      uint8_t *buf);

 union qcrypto_hash_ctx {
@ -112,7 +118,7 @@ qcrypto_nettle_hash_bytesv(QCryptoHashAlgorithm alg,
                           size_t *resultlen,
                           Error **errp)
 {
-    int i;
+    size_t i;
    union qcrypto_hash_ctx ctx;

    if (!qcrypto_hash_supports(alg)) {
--- a/crypto/hash.c
+++ b/crypto/hash.c
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/crypto/hmac-nettle.c
+++ b/crypto/hmac-nettle.c
@ -18,14 +18,23 @@
 #include "hmacpriv.h"
 #include <nettle/hmac.h>

+#if CONFIG_NETTLE_VERSION_MAJOR < 3
+typedef unsigned int hmac_length_t;
+#else
+typedef size_t hmac_length_t;
+#endif
+
 typedef void (*qcrypto_nettle_hmac_setkey)(void *ctx,
-              size_t key_length, const uint8_t *key);
+                                           hmac_length_t key_length,
+                                           const uint8_t *key);

 typedef void (*qcrypto_nettle_hmac_update)(void *ctx,
-              size_t length, const uint8_t *data);
+                                           hmac_length_t length,
+                                           const uint8_t *data);

 typedef void (*qcrypto_nettle_hmac_digest)(void *ctx,
-              size_t length, uint8_t *digest);
+                                           hmac_length_t length,
+                                           uint8_t *digest);

 typedef struct QCryptoHmacNettle QCryptoHmacNettle;
 struct QCryptoHmacNettle {
@ -135,7 +144,7 @@ qcrypto_nettle_hmac_bytesv(QCryptoHmac *hmac,
                           Error **errp)
 {
    QCryptoHmacNettle *ctx;
-    int i;
+    size_t i;

    ctx = (QCryptoHmacNettle *)hmac->opaque;

--- a/crypto/init.c
+++ b/crypto/init.c
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/crypto/ivgen-essiv.c
+++ b/crypto/ivgen-essiv.c
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/crypto/ivgen-essiv.h
+++ b/crypto/ivgen-essiv.h
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/crypto/ivgen-plain.c
+++ b/crypto/ivgen-plain.c
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/crypto/ivgen-plain.h
+++ b/crypto/ivgen-plain.h
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/crypto/ivgen-plain64.c
+++ b/crypto/ivgen-plain64.c
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/crypto/ivgen-plain64.h
+++ b/crypto/ivgen-plain64.h
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/crypto/ivgen.c
+++ b/crypto/ivgen.c
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/crypto/ivgenpriv.h
+++ b/crypto/ivgenpriv.h
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/crypto/pbkdf-gcrypt.c
+++ b/crypto/pbkdf-gcrypt.c
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/crypto/pbkdf-nettle.c
+++ b/crypto/pbkdf-nettle.c
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/crypto/pbkdf-stub.c
+++ b/crypto/pbkdf-stub.c
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/crypto/pbkdf.c
+++ b/crypto/pbkdf.c
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/crypto/random-gcrypt.c
+++ b/crypto/random-gcrypt.c
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/crypto/random-gnutls.c
+++ b/crypto/random-gnutls.c
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/crypto/random-platform.c
+++ b/crypto/random-platform.c
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/crypto/secret.c
+++ b/crypto/secret.c
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/crypto/tlscreds.c
+++ b/crypto/tlscreds.c
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/crypto/tlscredsanon.c
+++ b/crypto/tlscredsanon.c
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/crypto/tlscredspriv.h
+++ b/crypto/tlscredspriv.h
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/crypto/tlscredspsk.c
+++ b/crypto/tlscredspsk.c
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/crypto/tlscredsx509.c
+++ b/crypto/tlscredsx509.c
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/crypto/tlssession.c
+++ b/crypto/tlssession.c
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/crypto/xts.c
+++ b/crypto/xts.c
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/docs/security.texi
+++ b/docs/security.texi
@ -129,3 +129,39 @@ those resources that were granted to it.
 system calls that are not needed by QEMU, thereby reducing the host kernel
 attack surface.
@end itemize
+
+@section Sensitive configurations
+
+There are aspects of QEMU that can have security implications which users &
+management applications must be aware of.
+
+@subsection Monitor console (QMP and HMP)
+
+The monitor console (whether used with QMP or HMP) provides an interface
+to dynamically control many aspects of QEMU's runtime operation. Many of the
+commands exposed will instruct QEMU to access content on the host file system
+and/or trigger spawning of external processes.
+
+For example, the @code{migrate} command allows for the spawning of arbitrary
+processes for the purpose of tunnelling the migration data stream. The
+@code{blockdev-add} command instructs QEMU to open arbitrary files, exposing
+their content to the guest as a virtual disk.
+
+Unless QEMU is otherwise confined using technologies such as SELinux, AppArmor,
+or Linux namespaces, the monitor console should be considered to have privileges
+equivalent to those of the user account QEMU is running under.
+
+It is further important to consider the security of the character device backend
+over which the monitor console is exposed. It needs to have protection against
+malicious third parties which might try to make unauthorized connections, or
+perform man-in-the-middle attacks. Many of the character device backends do not
+satisfy this requirement and so must not be used for the monitor console.
+
+The general recommendation is that the monitor console should be exposed over
+a UNIX domain socket backend to the local host only. Use of the TCP based
+character device backend is inappropriate unless configured to use both TLS
+encryption and authorization control policy on client connections.
+
+In summary, the monitor console is considered a privileged control interface to
+QEMU and as such should only be made accessible to a trusted management
+application or user.
--- a/include/crypto/block.h
+++ b/include/crypto/block.h
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/include/crypto/cipher.h
+++ b/include/crypto/cipher.h
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/include/crypto/hash.h
+++ b/include/crypto/hash.h
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/include/crypto/init.h
+++ b/include/crypto/init.h
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/include/crypto/ivgen.h
+++ b/include/crypto/ivgen.h
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/include/crypto/pbkdf.h
+++ b/include/crypto/pbkdf.h
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/include/crypto/random.h
+++ b/include/crypto/random.h
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/include/crypto/secret.h
+++ b/include/crypto/secret.h
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/include/crypto/tlscreds.h
+++ b/include/crypto/tlscreds.h
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/include/crypto/tlscredsanon.h
+++ b/include/crypto/tlscredsanon.h
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/include/crypto/tlscredspsk.h
+++ b/include/crypto/tlscredspsk.h
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/include/crypto/tlscredsx509.h
+++ b/include/crypto/tlscredsx509.h
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/include/crypto/tlssession.h
+++ b/include/crypto/tlssession.h
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/include/crypto/xts.h
+++ b/include/crypto/xts.h
@ -6,7 +6,7 @@
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of