From 69c0b278af1389300e5c53107721dfa4e18139d7 Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Mon, 4 Apr 2016 10:33:55 +0100
Subject: [PATCH 1/2] crypto: fix typo in docs for secret object type

The docs for the secret object type specified the wrong number
of bytes for the AES initialization vector.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
 qemu-options.hx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/qemu-options.hx b/qemu-options.hx
index 789d9f681e..587de8f3cd 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -3888,7 +3888,7 @@ parameter provides the ID of a previously defined secret that contains
 the AES-256 decryption key. This key should be 32-bytes long and be
 base64 encoded. The @var{iv} parameter provides the random initialization
 vector used for encryption of this particular secret and should be a
-base64 encrypted string of the 32-byte IV.
+base64 encrypted string of the 16-byte IV.
 
 The simplest (insecure) usage is to provide the secret inline
 

From c44e92a4151248f80a31c8aa7343e399e508fa95 Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Mon, 4 Apr 2016 15:08:45 +0100
Subject: [PATCH 2/2] crypto: fix nettle config check for running pbkdf test

The pbkdf test is being built based on a check for CONFIG_NETTLE.
As of fff2f982ab6ac0dd2b641d30303f72270a019f28, it should be
instead checking CONFIG_NETTLE_KDF

Reported-by: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Tested-by: Bruce Rogers <brogers@suse.com>
Tested-by: Ed Maste <emaste@freebsd.org>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
 tests/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/Makefile b/tests/Makefile
index 45b9048754..651d8b2dac 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -92,7 +92,7 @@ check-unit-$(CONFIG_GNUTLS) += tests/test-io-channel-tls$(EXESUF)
 check-unit-y += tests/test-io-channel-command$(EXESUF)
 check-unit-y += tests/test-io-channel-buffer$(EXESUF)
 check-unit-y += tests/test-base64$(EXESUF)
-check-unit-$(if $(CONFIG_NETTLE),y,$(CONFIG_GCRYPT_KDF)) += tests/test-crypto-pbkdf$(EXESUF)
+check-unit-$(if $(CONFIG_NETTLE_KDF),y,$(CONFIG_GCRYPT_KDF)) += tests/test-crypto-pbkdf$(EXESUF)
 check-unit-y += tests/test-crypto-ivgen$(EXESUF)
 check-unit-y += tests/test-crypto-afsplit$(EXESUF)
 check-unit-y += tests/test-crypto-xts$(EXESUF)