subject:"\[Qemu\-devel\] \[PATCH\] crypto\: do an explicit check for nettle pbkdf functions"

Re: [Qemu-devel] [PATCH] crypto: do an explicit check for nettle pbkdf functions

2016-04-04 Thread Daniel P. Berrange

On Thu, Mar 31, 2016 at 07:06:28AM -0600, Bruce Rogers wrote:
> >>> On 3/29/2016 at 08:50 AM, "Daniel P. Berrange"  
> >>> wrote: 
> > Support for the PBKDF functions in nettle was not introduced
> > until version 2.6. Some distros QEMU targets have older
> > versions and thus lack PBKDF support. Address this by doing
> > a check in configure for the desired function and then skipping
> > compilation of the nettle-pbkdf.o module
> > 
> > Reported-by: Wen Congyang 
> > Signed-off-by: Daniel P. Berrange 
> > ---
> >  configure| 16 
> >  crypto/Makefile.objs |  4 ++--
> >  2 files changed, 18 insertions(+), 2 deletions(-)
> > 
> > diff --git a/configure b/configure
> > index f4a03b8..2d78bcd 100755
> > --- a/configure
> > +++ b/configure
> > @@ -308,6 +308,7 @@ gnutls=""
> >  gnutls_hash=""
> >  gnutls_rnd=""
> >  nettle=""
> > +nettle_kdf="no"
> >  gcrypt=""
> >  gcrypt_kdf="no"
> >  vte=""
> > @@ -2335,6 +2336,17 @@ if test "$nettle" != "no"; then
> >  libs_tools="$nettle_libs $libs_tools"
> >  QEMU_CFLAGS="$QEMU_CFLAGS $nettle_cflags"
> >  nettle="yes"
> > +
> > +cat > $TMPC << EOF
> > +#include 
> > +int main(void) {
> > + pbkdf2_hmac_sha256(8, NULL, 1000, 8, NULL, 8, NULL);
> > + return 0;
> > +}
> > +EOF
> > +if compile_prog "$nettle_cflags" "$nettle_libs" ; then
> > +nettle_kdf=yes
> > +fi
> >  else
> >  if test "$nettle" = "yes"; then
> >  feature_not_found "nettle" "Install nettle devel"
> > @@ -4746,6 +4758,7 @@ if test "$nettle" = "yes"; then
> >  else
> >  echo "nettle$nettle"
> >  fi
> > +echo "nettle kdf$nettle_kdf"
> >  echo "libtasn1  $tasn1"
> >  echo "VTE support   $vte"
> >  echo "curses support$curses"
> > @@ -5130,6 +5143,9 @@ fi
> >  if test "$nettle" = "yes" ; then
> >echo "CONFIG_NETTLE=y" >> $config_host_mak
> >echo "CONFIG_NETTLE_VERSION_MAJOR=${nettle_version%%.*}" >> 
> > $config_host_mak
> > +  if test "$nettle_kdf" = "yes" ; then
> > +echo "CONFIG_NETTLE_KDF=y" >> $config_host_mak
> > +  fi
> >  fi
> >  if test "$tasn1" = "yes" ; then
> >echo "CONFIG_TASN1=y" >> $config_host_mak
> > diff --git a/crypto/Makefile.objs b/crypto/Makefile.objs
> > index 9f2c87e..0737f48 100644
> > --- a/crypto/Makefile.objs
> > +++ b/crypto/Makefile.objs
> > @@ -11,8 +11,8 @@ crypto-obj-y += secret.o
> >  crypto-obj-$(CONFIG_GCRYPT) += random-gcrypt.o
> >  crypto-obj-$(if $(CONFIG_GCRYPT),n,$(CONFIG_GNUTLS_RND)) += random-gnutls.o
> >  crypto-obj-y += pbkdf.o
> > -crypto-obj-$(CONFIG_NETTLE) += pbkdf-nettle.o
> > -crypto-obj-$(if $(CONFIG_NETTLE),n,$(CONFIG_GCRYPT_KDF)) += pbkdf-gcrypt.o
> > +crypto-obj-$(CONFIG_NETTLE_KDF) += pbkdf-nettle.o
> > +crypto-obj-$(if $(CONFIG_NETTLE_KDF),n,$(CONFIG_GCRYPT_KDF)) += 
> > pbkdf-gcrypt.o
> >  crypto-obj-y += ivgen.o
> >  crypto-obj-y += ivgen-essiv.o
> >  crypto-obj-y += ivgen-plain.o
> 
> Do we also need a corresponding fix in tests/Makefile for the inclusion of
> tests/test-crypto-pbkdf ?

Yes, I should have changed that too. Will CC you on a likely fix.


Regards,
Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|

Re: [Qemu-devel] [PATCH] crypto: do an explicit check for nettle pbkdf functions

2016-03-31 Thread Bruce Rogers

>>> On 3/29/2016 at 08:50 AM, "Daniel P. Berrange"  wrote: 
> Support for the PBKDF functions in nettle was not introduced
> until version 2.6. Some distros QEMU targets have older
> versions and thus lack PBKDF support. Address this by doing
> a check in configure for the desired function and then skipping
> compilation of the nettle-pbkdf.o module
> 
> Reported-by: Wen Congyang 
> Signed-off-by: Daniel P. Berrange 
> ---
>  configure| 16 
>  crypto/Makefile.objs |  4 ++--
>  2 files changed, 18 insertions(+), 2 deletions(-)
> 
> diff --git a/configure b/configure
> index f4a03b8..2d78bcd 100755
> --- a/configure
> +++ b/configure
> @@ -308,6 +308,7 @@ gnutls=""
>  gnutls_hash=""
>  gnutls_rnd=""
>  nettle=""
> +nettle_kdf="no"
>  gcrypt=""
>  gcrypt_kdf="no"
>  vte=""
> @@ -2335,6 +2336,17 @@ if test "$nettle" != "no"; then
>  libs_tools="$nettle_libs $libs_tools"
>  QEMU_CFLAGS="$QEMU_CFLAGS $nettle_cflags"
>  nettle="yes"
> +
> +cat > $TMPC << EOF
> +#include 
> +int main(void) {
> + pbkdf2_hmac_sha256(8, NULL, 1000, 8, NULL, 8, NULL);
> + return 0;
> +}
> +EOF
> +if compile_prog "$nettle_cflags" "$nettle_libs" ; then
> +nettle_kdf=yes
> +fi
>  else
>  if test "$nettle" = "yes"; then
>  feature_not_found "nettle" "Install nettle devel"
> @@ -4746,6 +4758,7 @@ if test "$nettle" = "yes"; then
>  else
>  echo "nettle$nettle"
>  fi
> +echo "nettle kdf$nettle_kdf"
>  echo "libtasn1  $tasn1"
>  echo "VTE support   $vte"
>  echo "curses support$curses"
> @@ -5130,6 +5143,9 @@ fi
>  if test "$nettle" = "yes" ; then
>echo "CONFIG_NETTLE=y" >> $config_host_mak
>echo "CONFIG_NETTLE_VERSION_MAJOR=${nettle_version%%.*}" >> 
> $config_host_mak
> +  if test "$nettle_kdf" = "yes" ; then
> +echo "CONFIG_NETTLE_KDF=y" >> $config_host_mak
> +  fi
>  fi
>  if test "$tasn1" = "yes" ; then
>echo "CONFIG_TASN1=y" >> $config_host_mak
> diff --git a/crypto/Makefile.objs b/crypto/Makefile.objs
> index 9f2c87e..0737f48 100644
> --- a/crypto/Makefile.objs
> +++ b/crypto/Makefile.objs
> @@ -11,8 +11,8 @@ crypto-obj-y += secret.o
>  crypto-obj-$(CONFIG_GCRYPT) += random-gcrypt.o
>  crypto-obj-$(if $(CONFIG_GCRYPT),n,$(CONFIG_GNUTLS_RND)) += random-gnutls.o
>  crypto-obj-y += pbkdf.o
> -crypto-obj-$(CONFIG_NETTLE) += pbkdf-nettle.o
> -crypto-obj-$(if $(CONFIG_NETTLE),n,$(CONFIG_GCRYPT_KDF)) += pbkdf-gcrypt.o
> +crypto-obj-$(CONFIG_NETTLE_KDF) += pbkdf-nettle.o
> +crypto-obj-$(if $(CONFIG_NETTLE_KDF),n,$(CONFIG_GCRYPT_KDF)) += 
> pbkdf-gcrypt.o
>  crypto-obj-y += ivgen.o
>  crypto-obj-y += ivgen-essiv.o
>  crypto-obj-y += ivgen-plain.o

Do we also need a corresponding fix in tests/Makefile for the inclusion of
tests/test-crypto-pbkdf ?

Bruce

Re: [Qemu-devel] [PATCH] crypto: do an explicit check for nettle pbkdf functions

2016-03-29 Thread Wen Congyang

On 03/29/2016 10:50 PM, Daniel P. Berrange wrote:
> Support for the PBKDF functions in nettle was not introduced
> until version 2.6. Some distros QEMU targets have older
> versions and thus lack PBKDF support. Address this by doing
> a check in configure for the desired function and then skipping
> compilation of the nettle-pbkdf.o module
> 
> Reported-by: Wen Congyang 
> Signed-off-by: Daniel P. Berrange 

I build the qemu with this patch. It is OK now.

Thanks
Wen Congyang

> ---
>  configure| 16 
>  crypto/Makefile.objs |  4 ++--
>  2 files changed, 18 insertions(+), 2 deletions(-)
> 
> diff --git a/configure b/configure
> index f4a03b8..2d78bcd 100755
> --- a/configure
> +++ b/configure
> @@ -308,6 +308,7 @@ gnutls=""
>  gnutls_hash=""
>  gnutls_rnd=""
>  nettle=""
> +nettle_kdf="no"
>  gcrypt=""
>  gcrypt_kdf="no"
>  vte=""
> @@ -2335,6 +2336,17 @@ if test "$nettle" != "no"; then
>  libs_tools="$nettle_libs $libs_tools"
>  QEMU_CFLAGS="$QEMU_CFLAGS $nettle_cflags"
>  nettle="yes"
> +
> +cat > $TMPC << EOF
> +#include 
> +int main(void) {
> + pbkdf2_hmac_sha256(8, NULL, 1000, 8, NULL, 8, NULL);
> + return 0;
> +}
> +EOF
> +if compile_prog "$nettle_cflags" "$nettle_libs" ; then
> +nettle_kdf=yes
> +fi
>  else
>  if test "$nettle" = "yes"; then
>  feature_not_found "nettle" "Install nettle devel"
> @@ -4746,6 +4758,7 @@ if test "$nettle" = "yes"; then
>  else
>  echo "nettle$nettle"
>  fi
> +echo "nettle kdf$nettle_kdf"
>  echo "libtasn1  $tasn1"
>  echo "VTE support   $vte"
>  echo "curses support$curses"
> @@ -5130,6 +5143,9 @@ fi
>  if test "$nettle" = "yes" ; then
>echo "CONFIG_NETTLE=y" >> $config_host_mak
>echo "CONFIG_NETTLE_VERSION_MAJOR=${nettle_version%%.*}" >> 
> $config_host_mak
> +  if test "$nettle_kdf" = "yes" ; then
> +echo "CONFIG_NETTLE_KDF=y" >> $config_host_mak
> +  fi
>  fi
>  if test "$tasn1" = "yes" ; then
>echo "CONFIG_TASN1=y" >> $config_host_mak
> diff --git a/crypto/Makefile.objs b/crypto/Makefile.objs
> index 9f2c87e..0737f48 100644
> --- a/crypto/Makefile.objs
> +++ b/crypto/Makefile.objs
> @@ -11,8 +11,8 @@ crypto-obj-y += secret.o
>  crypto-obj-$(CONFIG_GCRYPT) += random-gcrypt.o
>  crypto-obj-$(if $(CONFIG_GCRYPT),n,$(CONFIG_GNUTLS_RND)) += random-gnutls.o
>  crypto-obj-y += pbkdf.o
> -crypto-obj-$(CONFIG_NETTLE) += pbkdf-nettle.o
> -crypto-obj-$(if $(CONFIG_NETTLE),n,$(CONFIG_GCRYPT_KDF)) += pbkdf-gcrypt.o
> +crypto-obj-$(CONFIG_NETTLE_KDF) += pbkdf-nettle.o
> +crypto-obj-$(if $(CONFIG_NETTLE_KDF),n,$(CONFIG_GCRYPT_KDF)) += 
> pbkdf-gcrypt.o
>  crypto-obj-y += ivgen.o
>  crypto-obj-y += ivgen-essiv.o
>  crypto-obj-y += ivgen-plain.o
>

[Qemu-devel] [PATCH] crypto: do an explicit check for nettle pbkdf functions

2016-03-29 Thread Daniel P. Berrange

Support for the PBKDF functions in nettle was not introduced
until version 2.6. Some distros QEMU targets have older
versions and thus lack PBKDF support. Address this by doing
a check in configure for the desired function and then skipping
compilation of the nettle-pbkdf.o module

Reported-by: Wen Congyang 
Signed-off-by: Daniel P. Berrange 
---
 configure| 16 
 crypto/Makefile.objs |  4 ++--
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/configure b/configure
index f4a03b8..2d78bcd 100755
--- a/configure
+++ b/configure
@@ -308,6 +308,7 @@ gnutls=""
 gnutls_hash=""
 gnutls_rnd=""
 nettle=""
+nettle_kdf="no"
 gcrypt=""
 gcrypt_kdf="no"
 vte=""
@@ -2335,6 +2336,17 @@ if test "$nettle" != "no"; then
 libs_tools="$nettle_libs $libs_tools"
 QEMU_CFLAGS="$QEMU_CFLAGS $nettle_cflags"
 nettle="yes"
+
+cat > $TMPC << EOF
+#include 
+int main(void) {
+ pbkdf2_hmac_sha256(8, NULL, 1000, 8, NULL, 8, NULL);
+ return 0;
+}
+EOF
+if compile_prog "$nettle_cflags" "$nettle_libs" ; then
+nettle_kdf=yes
+fi
 else
 if test "$nettle" = "yes"; then
 feature_not_found "nettle" "Install nettle devel"
@@ -4746,6 +4758,7 @@ if test "$nettle" = "yes"; then
 else
 echo "nettle$nettle"
 fi
+echo "nettle kdf$nettle_kdf"
 echo "libtasn1  $tasn1"
 echo "VTE support   $vte"
 echo "curses support$curses"
@@ -5130,6 +5143,9 @@ fi
 if test "$nettle" = "yes" ; then
   echo "CONFIG_NETTLE=y" >> $config_host_mak
   echo "CONFIG_NETTLE_VERSION_MAJOR=${nettle_version%%.*}" >> $config_host_mak
+  if test "$nettle_kdf" = "yes" ; then
+echo "CONFIG_NETTLE_KDF=y" >> $config_host_mak
+  fi
 fi
 if test "$tasn1" = "yes" ; then
   echo "CONFIG_TASN1=y" >> $config_host_mak
diff --git a/crypto/Makefile.objs b/crypto/Makefile.objs
index 9f2c87e..0737f48 100644
--- a/crypto/Makefile.objs
+++ b/crypto/Makefile.objs
@@ -11,8 +11,8 @@ crypto-obj-y += secret.o
 crypto-obj-$(CONFIG_GCRYPT) += random-gcrypt.o
 crypto-obj-$(if $(CONFIG_GCRYPT),n,$(CONFIG_GNUTLS_RND)) += random-gnutls.o
 crypto-obj-y += pbkdf.o
-crypto-obj-$(CONFIG_NETTLE) += pbkdf-nettle.o
-crypto-obj-$(if $(CONFIG_NETTLE),n,$(CONFIG_GCRYPT_KDF)) += pbkdf-gcrypt.o
+crypto-obj-$(CONFIG_NETTLE_KDF) += pbkdf-nettle.o
+crypto-obj-$(if $(CONFIG_NETTLE_KDF),n,$(CONFIG_GCRYPT_KDF)) += pbkdf-gcrypt.o
 crypto-obj-y += ivgen.o
 crypto-obj-y += ivgen-essiv.o
 crypto-obj-y += ivgen-plain.o
-- 
2.5.5

Re: [Qemu-devel] [PATCH] crypto: do an explicit check for nettle pbkdf functions

Re: [Qemu-devel] [PATCH] crypto: do an explicit check for nettle pbkdf functions

Re: [Qemu-devel] [PATCH] crypto: do an explicit check for nettle pbkdf functions

[Qemu-devel] [PATCH] crypto: do an explicit check for nettle pbkdf functions

4 matches

Site Navigation

Mail list logo

Footer information