OpenE2K/qemu-e2k
13
4
Fork 0
Code Issues 4 Pull Requests Projects 2 Releases Activity

crypto: require nettle >= 2.7.1 for building QEMU

Browse Source 
nettle 2.7.1 was released in 2013 and all the distros that are build
target platforms for QEMU [1] include it:

  RHEL-7: 2.7.1
  Debian (Stretch): 3.3
  Debian (Jessie): 2.7.1
  OpenBSD (ports): 3.4
  FreeBSD (ports): 3.4
  OpenSUSE Leap 15: 3.4
  Ubuntu (Xenial): 3.2
  macOS (Homebrew): 3.4

Based on this, it is reasonable to require nettle >= 2.7.1 in QEMU
which allows for some conditional version checks in the code to be
removed.

[1] https://qemu.weilnetz.de/doc/qemu-doc.html#Supported-build-platforms

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrangé 2018-07-18 11:55:05 +01:00
parent dea7a64e4c
commit 64dd2f3b5b
4 changed files with 6 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
configure vendored
View File

@ -458,7 +458,6 @@ gtk_gl="no"
tls_priority="NORMAL" tls_priority="NORMAL"
gnutls="" gnutls=""
nettle="" nettle=""
nettle_kdf="no"
gcrypt="" gcrypt=""
gcrypt_hmac="no" gcrypt_hmac="no"
vte="" vte=""
@ -2730,7 +2729,7 @@ has_libgcrypt() {
if test "$nettle" != "no"; then if test "$nettle" != "no"; then
if $pkg_config --exists "nettle"; then if $pkg_config --exists "nettle >= 2.7.1"; then
nettle_cflags=$($pkg_config --cflags nettle) nettle_cflags=$($pkg_config --cflags nettle)
nettle_libs=$($pkg_config --libs nettle) nettle_libs=$($pkg_config --libs nettle)
nettle_version=$($pkg_config --modversion nettle) nettle_version=$($pkg_config --modversion nettle)
@ -2739,23 +2738,12 @@ if test "$nettle" != "no"; then
QEMU_CFLAGS="$QEMU_CFLAGS $nettle_cflags" QEMU_CFLAGS="$QEMU_CFLAGS $nettle_cflags"
nettle="yes" nettle="yes"
cat > $TMPC << EOF
#include <stddef.h>
#include <nettle/pbkdf2.h>
int main(void) {
pbkdf2_hmac_sha256(8, NULL, 1000, 8, NULL, 8, NULL);
return 0;
}
EOF
if test -z "$gcrypt"; then if test -z "$gcrypt"; then
gcrypt="no" gcrypt="no"
fi fi
if compile_prog "$nettle_cflags" "$nettle_libs" ; then
nettle_kdf=yes
fi
else else
if test "$nettle" = "yes"; then if test "$nettle" = "yes"; then
feature_not_found "nettle" "Install nettle devel" feature_not_found "nettle" "Install nettle devel >= 2.7.1"
else else
nettle="no" nettle="no"
fi fi
@ -5906,7 +5894,6 @@ echo "TLS priority $tls_priority"
echo "GNUTLS support $gnutls" echo "GNUTLS support $gnutls"
echo "libgcrypt $gcrypt" echo "libgcrypt $gcrypt"
echo "nettle $nettle $(echo_version $nettle $nettle_version)" echo "nettle $nettle $(echo_version $nettle $nettle_version)"
echo "nettle kdf $nettle_kdf"
echo "libtasn1 $tasn1" echo "libtasn1 $tasn1"
echo "curses support $curses" echo "curses support $curses"
echo "virgl support $virglrenderer $(echo_version $virglrenderer $virgl_version)" echo "virgl support $virglrenderer $(echo_version $virglrenderer $virgl_version)"
@ -6351,9 +6338,6 @@ fi
if test "$nettle" = "yes" ; then if test "$nettle" = "yes" ; then
echo "CONFIG_NETTLE=y" >> $config_host_mak echo "CONFIG_NETTLE=y" >> $config_host_mak
echo "CONFIG_NETTLE_VERSION_MAJOR=${nettle_version%%.*}" >> $config_host_mak echo "CONFIG_NETTLE_VERSION_MAJOR=${nettle_version%%.*}" >> $config_host_mak
if test "$nettle_kdf" = "yes" ; then
echo "CONFIG_NETTLE_KDF=y" >> $config_host_mak
fi
fi fi
if test "$tasn1" = "yes" ; then if test "$tasn1" = "yes" ; then
echo "CONFIG_TASN1=y" >> $config_host_mak echo "CONFIG_TASN1=y" >> $config_host_mak

4
crypto/Makefile.objs
View File

@ -23,8 +23,8 @@ crypto-obj-$(CONFIG_GCRYPT) += random-gcrypt.o
crypto-obj-$(if $(CONFIG_GCRYPT),n,$(CONFIG_GNUTLS)) += random-gnutls.o crypto-obj-$(if $(CONFIG_GCRYPT),n,$(CONFIG_GNUTLS)) += random-gnutls.o
crypto-obj-$(if $(CONFIG_GCRYPT),n,$(if $(CONFIG_GNUTLS),n,y)) += random-platform.o crypto-obj-$(if $(CONFIG_GCRYPT),n,$(if $(CONFIG_GNUTLS),n,y)) += random-platform.o
crypto-obj-y += pbkdf.o crypto-obj-y += pbkdf.o
crypto-obj-$(CONFIG_NETTLE_KDF) += pbkdf-nettle.o crypto-obj-$(CONFIG_NETTLE) += pbkdf-nettle.o
crypto-obj-$(if $(CONFIG_NETTLE_KDF),n,$(CONFIG_GCRYPT)) += pbkdf-gcrypt.o crypto-obj-$(if $(CONFIG_NETTLE),n,$(CONFIG_GCRYPT)) += pbkdf-gcrypt.o
crypto-obj-y += ivgen.o crypto-obj-y += ivgen.o
crypto-obj-y += ivgen-essiv.o crypto-obj-y += ivgen-essiv.o
crypto-obj-y += ivgen-plain.o crypto-obj-y += ivgen-plain.o

2
tests/Makefile.include
View File

@ -115,7 +115,7 @@ check-unit-$(CONFIG_GNUTLS) += tests/test-io-channel-tls$(EXESUF)
check-unit-y += tests/test-io-channel-command$(EXESUF) check-unit-y += tests/test-io-channel-command$(EXESUF)
check-unit-y += tests/test-io-channel-buffer$(EXESUF) check-unit-y += tests/test-io-channel-buffer$(EXESUF)
check-unit-y += tests/test-base64$(EXESUF) check-unit-y += tests/test-base64$(EXESUF)
check-unit-$(if $(CONFIG_NETTLE_KDF),y,$(CONFIG_GCRYPT)) += tests/test-crypto-pbkdf$(EXESUF) check-unit-$(if $(CONFIG_NETTLE),y,$(CONFIG_GCRYPT)) += tests/test-crypto-pbkdf$(EXESUF)
check-unit-y += tests/test-crypto-ivgen$(EXESUF) check-unit-y += tests/test-crypto-ivgen$(EXESUF)
check-unit-y += tests/test-crypto-afsplit$(EXESUF) check-unit-y += tests/test-crypto-afsplit$(EXESUF)
check-unit-y += tests/test-crypto-xts$(EXESUF) check-unit-y += tests/test-crypto-xts$(EXESUF)

2
tests/test-crypto-block.c
View File

@ -29,7 +29,7 @@
#endif #endif
#if (defined(_WIN32) || defined RUSAGE_THREAD) && \ #if (defined(_WIN32) || defined RUSAGE_THREAD) && \
(defined(CONFIG_NETTLE_KDF) || defined(CONFIG_GCRYPT)) (defined(CONFIG_NETTLE) || defined(CONFIG_GCRYPT))
#define TEST_LUKS #define TEST_LUKS
#else #else
#undef TEST_LUKS #undef TEST_LUKS