Support for the PBKDF functions in nettle was not introduced until version 2.6. Some distros QEMU targets have older versions and thus lack PBKDF support. Address this by doing a check in configure for the desired function and then skipping compilation of the nettle-pbkdf.o module
Reported-by: Wen Congyang <we...@cn.fujitsu.com> Signed-off-by: Daniel P. Berrange <berra...@redhat.com> --- configure | 16 ++++++++++++++++ crypto/Makefile.objs | 4 ++-- 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/configure b/configure index f4a03b8..2d78bcd 100755 --- a/configure +++ b/configure @@ -308,6 +308,7 @@ gnutls="" gnutls_hash="" gnutls_rnd="" nettle="" +nettle_kdf="no" gcrypt="" gcrypt_kdf="no" vte="" @@ -2335,6 +2336,17 @@ if test "$nettle" != "no"; then libs_tools="$nettle_libs $libs_tools" QEMU_CFLAGS="$QEMU_CFLAGS $nettle_cflags" nettle="yes" + + cat > $TMPC << EOF +#include <nettle/pbkdf2.h> +int main(void) { + pbkdf2_hmac_sha256(8, NULL, 1000, 8, NULL, 8, NULL); + return 0; +} +EOF + if compile_prog "$nettle_cflags" "$nettle_libs" ; then + nettle_kdf=yes + fi else if test "$nettle" = "yes"; then feature_not_found "nettle" "Install nettle devel" @@ -4746,6 +4758,7 @@ if test "$nettle" = "yes"; then else echo "nettle $nettle" fi +echo "nettle kdf $nettle_kdf" echo "libtasn1 $tasn1" echo "VTE support $vte" echo "curses support $curses" @@ -5130,6 +5143,9 @@ fi if test "$nettle" = "yes" ; then echo "CONFIG_NETTLE=y" >> $config_host_mak echo "CONFIG_NETTLE_VERSION_MAJOR=${nettle_version%%.*}" >> $config_host_mak + if test "$nettle_kdf" = "yes" ; then + echo "CONFIG_NETTLE_KDF=y" >> $config_host_mak + fi fi if test "$tasn1" = "yes" ; then echo "CONFIG_TASN1=y" >> $config_host_mak diff --git a/crypto/Makefile.objs b/crypto/Makefile.objs index 9f2c87e..0737f48 100644 --- a/crypto/Makefile.objs +++ b/crypto/Makefile.objs @@ -11,8 +11,8 @@ crypto-obj-y += secret.o crypto-obj-$(CONFIG_GCRYPT) += random-gcrypt.o crypto-obj-$(if $(CONFIG_GCRYPT),n,$(CONFIG_GNUTLS_RND)) += random-gnutls.o crypto-obj-y += pbkdf.o -crypto-obj-$(CONFIG_NETTLE) += pbkdf-nettle.o -crypto-obj-$(if $(CONFIG_NETTLE),n,$(CONFIG_GCRYPT_KDF)) += pbkdf-gcrypt.o +crypto-obj-$(CONFIG_NETTLE_KDF) += pbkdf-nettle.o +crypto-obj-$(if $(CONFIG_NETTLE_KDF),n,$(CONFIG_GCRYPT_KDF)) += pbkdf-gcrypt.o crypto-obj-y += ivgen.o crypto-obj-y += ivgen-essiv.o crypto-obj-y += ivgen-plain.o -- 2.5.5