On Thu, Mar 31, 2016 at 07:06:28AM -0600, Bruce Rogers wrote:
> >>> On 3/29/2016 at 08:50 AM, "Daniel P. Berrange" <berra...@redhat.com>
> >>> wrote:
> > Support for the PBKDF functions in nettle was not introduced
> > until version 2.6. Some distros QEMU targets have older
> > versions and thus lack PBKDF support. Address this by doing
> > a check in configure for the desired function and then skipping
> > compilation of the nettle-pbkdf.o module
> >
> > Reported-by: Wen Congyang <we...@cn.fujitsu.com>
> > Signed-off-by: Daniel P. Berrange <berra...@redhat.com>
> > ---
> > configure | 16 ++++++++++++++++
> > crypto/Makefile.objs | 4 ++--
> > 2 files changed, 18 insertions(+), 2 deletions(-)
> >
> > diff --git a/configure b/configure
> > index f4a03b8..2d78bcd 100755
> > --- a/configure
> > +++ b/configure
> > @@ -308,6 +308,7 @@ gnutls=""
> > gnutls_hash=""
> > gnutls_rnd=""
> > nettle=""
> > +nettle_kdf="no"
> > gcrypt=""
> > gcrypt_kdf="no"
> > vte=""
> > @@ -2335,6 +2336,17 @@ if test "$nettle" != "no"; then
> > libs_tools="$nettle_libs $libs_tools"
> > QEMU_CFLAGS="$QEMU_CFLAGS $nettle_cflags"
> > nettle="yes"
> > +
> > + cat > $TMPC << EOF
> > +#include <nettle/pbkdf2.h>
> > +int main(void) {
> > + pbkdf2_hmac_sha256(8, NULL, 1000, 8, NULL, 8, NULL);
> > + return 0;
> > +}
> > +EOF
> > + if compile_prog "$nettle_cflags" "$nettle_libs" ; then
> > + nettle_kdf=yes
> > + fi
> > else
> > if test "$nettle" = "yes"; then
> > feature_not_found "nettle" "Install nettle devel"
> > @@ -4746,6 +4758,7 @@ if test "$nettle" = "yes"; then
> > else
> > echo "nettle $nettle"
> > fi
> > +echo "nettle kdf $nettle_kdf"
> > echo "libtasn1 $tasn1"
> > echo "VTE support $vte"
> > echo "curses support $curses"
> > @@ -5130,6 +5143,9 @@ fi
> > if test "$nettle" = "yes" ; then
> > echo "CONFIG_NETTLE=y" >> $config_host_mak
> > echo "CONFIG_NETTLE_VERSION_MAJOR=${nettle_version%%.*}" >>
> > $config_host_mak
> > + if test "$nettle_kdf" = "yes" ; then
> > + echo "CONFIG_NETTLE_KDF=y" >> $config_host_mak
> > + fi
> > fi
> > if test "$tasn1" = "yes" ; then
> > echo "CONFIG_TASN1=y" >> $config_host_mak
> > diff --git a/crypto/Makefile.objs b/crypto/Makefile.objs
> > index 9f2c87e..0737f48 100644
> > --- a/crypto/Makefile.objs
> > +++ b/crypto/Makefile.objs
> > @@ -11,8 +11,8 @@ crypto-obj-y += secret.o
> > crypto-obj-$(CONFIG_GCRYPT) += random-gcrypt.o
> > crypto-obj-$(if $(CONFIG_GCRYPT),n,$(CONFIG_GNUTLS_RND)) += random-gnutls.o
> > crypto-obj-y += pbkdf.o
> > -crypto-obj-$(CONFIG_NETTLE) += pbkdf-nettle.o
> > -crypto-obj-$(if $(CONFIG_NETTLE),n,$(CONFIG_GCRYPT_KDF)) += pbkdf-gcrypt.o
> > +crypto-obj-$(CONFIG_NETTLE_KDF) += pbkdf-nettle.o
> > +crypto-obj-$(if $(CONFIG_NETTLE_KDF),n,$(CONFIG_GCRYPT_KDF)) +=
> > pbkdf-gcrypt.o
> > crypto-obj-y += ivgen.o
> > crypto-obj-y += ivgen-essiv.o
> > crypto-obj-y += ivgen-plain.o
>
> Do we also need a corresponding fix in tests/Makefile for the inclusion of
> tests/test-crypto-pbkdf ?
Yes, I should have changed that too. Will CC you on a likely fix.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
