Re: [Qemu-devel] [PATCH] crypto: do an explicit check for nettle pbkdf functions
On Thu, Mar 31, 2016 at 07:06:28AM -0600, Bruce Rogers wrote: > >>> On 3/29/2016 at 08:50 AM, "Daniel P. Berrange"> >>> wrote: > > Support for the PBKDF functions in nettle was not introduced > > until version 2.6. Some distros QEMU targets have older > > versions and thus lack PBKDF support. Address this by doing > > a check in configure for the desired function and then skipping > > compilation of the nettle-pbkdf.o module > > > > Reported-by: Wen Congyang > > Signed-off-by: Daniel P. Berrange > > --- > > configure| 16 > > crypto/Makefile.objs | 4 ++-- > > 2 files changed, 18 insertions(+), 2 deletions(-) > > > > diff --git a/configure b/configure > > index f4a03b8..2d78bcd 100755 > > --- a/configure > > +++ b/configure > > @@ -308,6 +308,7 @@ gnutls="" > > gnutls_hash="" > > gnutls_rnd="" > > nettle="" > > +nettle_kdf="no" > > gcrypt="" > > gcrypt_kdf="no" > > vte="" > > @@ -2335,6 +2336,17 @@ if test "$nettle" != "no"; then > > libs_tools="$nettle_libs $libs_tools" > > QEMU_CFLAGS="$QEMU_CFLAGS $nettle_cflags" > > nettle="yes" > > + > > +cat > $TMPC << EOF > > +#include > > +int main(void) { > > + pbkdf2_hmac_sha256(8, NULL, 1000, 8, NULL, 8, NULL); > > + return 0; > > +} > > +EOF > > +if compile_prog "$nettle_cflags" "$nettle_libs" ; then > > +nettle_kdf=yes > > +fi > > else > > if test "$nettle" = "yes"; then > > feature_not_found "nettle" "Install nettle devel" > > @@ -4746,6 +4758,7 @@ if test "$nettle" = "yes"; then > > else > > echo "nettle$nettle" > > fi > > +echo "nettle kdf$nettle_kdf" > > echo "libtasn1 $tasn1" > > echo "VTE support $vte" > > echo "curses support$curses" > > @@ -5130,6 +5143,9 @@ fi > > if test "$nettle" = "yes" ; then > >echo "CONFIG_NETTLE=y" >> $config_host_mak > >echo "CONFIG_NETTLE_VERSION_MAJOR=${nettle_version%%.*}" >> > > $config_host_mak > > + if test "$nettle_kdf" = "yes" ; then > > +echo "CONFIG_NETTLE_KDF=y" >> $config_host_mak > > + fi > > fi > > if test "$tasn1" = "yes" ; then > >echo "CONFIG_TASN1=y" >> $config_host_mak > > diff --git a/crypto/Makefile.objs b/crypto/Makefile.objs > > index 9f2c87e..0737f48 100644 > > --- a/crypto/Makefile.objs > > +++ b/crypto/Makefile.objs > > @@ -11,8 +11,8 @@ crypto-obj-y += secret.o > > crypto-obj-$(CONFIG_GCRYPT) += random-gcrypt.o > > crypto-obj-$(if $(CONFIG_GCRYPT),n,$(CONFIG_GNUTLS_RND)) += random-gnutls.o > > crypto-obj-y += pbkdf.o > > -crypto-obj-$(CONFIG_NETTLE) += pbkdf-nettle.o > > -crypto-obj-$(if $(CONFIG_NETTLE),n,$(CONFIG_GCRYPT_KDF)) += pbkdf-gcrypt.o > > +crypto-obj-$(CONFIG_NETTLE_KDF) += pbkdf-nettle.o > > +crypto-obj-$(if $(CONFIG_NETTLE_KDF),n,$(CONFIG_GCRYPT_KDF)) += > > pbkdf-gcrypt.o > > crypto-obj-y += ivgen.o > > crypto-obj-y += ivgen-essiv.o > > crypto-obj-y += ivgen-plain.o > > Do we also need a corresponding fix in tests/Makefile for the inclusion of > tests/test-crypto-pbkdf ? Yes, I should have changed that too. Will CC you on a likely fix. Regards, Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
Re: [Qemu-devel] [PATCH] crypto: do an explicit check for nettle pbkdf functions
>>> On 3/29/2016 at 08:50 AM, "Daniel P. Berrange"wrote: > Support for the PBKDF functions in nettle was not introduced > until version 2.6. Some distros QEMU targets have older > versions and thus lack PBKDF support. Address this by doing > a check in configure for the desired function and then skipping > compilation of the nettle-pbkdf.o module > > Reported-by: Wen Congyang > Signed-off-by: Daniel P. Berrange > --- > configure| 16 > crypto/Makefile.objs | 4 ++-- > 2 files changed, 18 insertions(+), 2 deletions(-) > > diff --git a/configure b/configure > index f4a03b8..2d78bcd 100755 > --- a/configure > +++ b/configure > @@ -308,6 +308,7 @@ gnutls="" > gnutls_hash="" > gnutls_rnd="" > nettle="" > +nettle_kdf="no" > gcrypt="" > gcrypt_kdf="no" > vte="" > @@ -2335,6 +2336,17 @@ if test "$nettle" != "no"; then > libs_tools="$nettle_libs $libs_tools" > QEMU_CFLAGS="$QEMU_CFLAGS $nettle_cflags" > nettle="yes" > + > +cat > $TMPC << EOF > +#include > +int main(void) { > + pbkdf2_hmac_sha256(8, NULL, 1000, 8, NULL, 8, NULL); > + return 0; > +} > +EOF > +if compile_prog "$nettle_cflags" "$nettle_libs" ; then > +nettle_kdf=yes > +fi > else > if test "$nettle" = "yes"; then > feature_not_found "nettle" "Install nettle devel" > @@ -4746,6 +4758,7 @@ if test "$nettle" = "yes"; then > else > echo "nettle$nettle" > fi > +echo "nettle kdf$nettle_kdf" > echo "libtasn1 $tasn1" > echo "VTE support $vte" > echo "curses support$curses" > @@ -5130,6 +5143,9 @@ fi > if test "$nettle" = "yes" ; then >echo "CONFIG_NETTLE=y" >> $config_host_mak >echo "CONFIG_NETTLE_VERSION_MAJOR=${nettle_version%%.*}" >> > $config_host_mak > + if test "$nettle_kdf" = "yes" ; then > +echo "CONFIG_NETTLE_KDF=y" >> $config_host_mak > + fi > fi > if test "$tasn1" = "yes" ; then >echo "CONFIG_TASN1=y" >> $config_host_mak > diff --git a/crypto/Makefile.objs b/crypto/Makefile.objs > index 9f2c87e..0737f48 100644 > --- a/crypto/Makefile.objs > +++ b/crypto/Makefile.objs > @@ -11,8 +11,8 @@ crypto-obj-y += secret.o > crypto-obj-$(CONFIG_GCRYPT) += random-gcrypt.o > crypto-obj-$(if $(CONFIG_GCRYPT),n,$(CONFIG_GNUTLS_RND)) += random-gnutls.o > crypto-obj-y += pbkdf.o > -crypto-obj-$(CONFIG_NETTLE) += pbkdf-nettle.o > -crypto-obj-$(if $(CONFIG_NETTLE),n,$(CONFIG_GCRYPT_KDF)) += pbkdf-gcrypt.o > +crypto-obj-$(CONFIG_NETTLE_KDF) += pbkdf-nettle.o > +crypto-obj-$(if $(CONFIG_NETTLE_KDF),n,$(CONFIG_GCRYPT_KDF)) += > pbkdf-gcrypt.o > crypto-obj-y += ivgen.o > crypto-obj-y += ivgen-essiv.o > crypto-obj-y += ivgen-plain.o Do we also need a corresponding fix in tests/Makefile for the inclusion of tests/test-crypto-pbkdf ? Bruce
Re: [Qemu-devel] [PATCH] crypto: do an explicit check for nettle pbkdf functions
On 03/29/2016 10:50 PM, Daniel P. Berrange wrote: > Support for the PBKDF functions in nettle was not introduced > until version 2.6. Some distros QEMU targets have older > versions and thus lack PBKDF support. Address this by doing > a check in configure for the desired function and then skipping > compilation of the nettle-pbkdf.o module > > Reported-by: Wen Congyang> Signed-off-by: Daniel P. Berrange I build the qemu with this patch. It is OK now. Thanks Wen Congyang > --- > configure| 16 > crypto/Makefile.objs | 4 ++-- > 2 files changed, 18 insertions(+), 2 deletions(-) > > diff --git a/configure b/configure > index f4a03b8..2d78bcd 100755 > --- a/configure > +++ b/configure > @@ -308,6 +308,7 @@ gnutls="" > gnutls_hash="" > gnutls_rnd="" > nettle="" > +nettle_kdf="no" > gcrypt="" > gcrypt_kdf="no" > vte="" > @@ -2335,6 +2336,17 @@ if test "$nettle" != "no"; then > libs_tools="$nettle_libs $libs_tools" > QEMU_CFLAGS="$QEMU_CFLAGS $nettle_cflags" > nettle="yes" > + > +cat > $TMPC << EOF > +#include > +int main(void) { > + pbkdf2_hmac_sha256(8, NULL, 1000, 8, NULL, 8, NULL); > + return 0; > +} > +EOF > +if compile_prog "$nettle_cflags" "$nettle_libs" ; then > +nettle_kdf=yes > +fi > else > if test "$nettle" = "yes"; then > feature_not_found "nettle" "Install nettle devel" > @@ -4746,6 +4758,7 @@ if test "$nettle" = "yes"; then > else > echo "nettle$nettle" > fi > +echo "nettle kdf$nettle_kdf" > echo "libtasn1 $tasn1" > echo "VTE support $vte" > echo "curses support$curses" > @@ -5130,6 +5143,9 @@ fi > if test "$nettle" = "yes" ; then >echo "CONFIG_NETTLE=y" >> $config_host_mak >echo "CONFIG_NETTLE_VERSION_MAJOR=${nettle_version%%.*}" >> > $config_host_mak > + if test "$nettle_kdf" = "yes" ; then > +echo "CONFIG_NETTLE_KDF=y" >> $config_host_mak > + fi > fi > if test "$tasn1" = "yes" ; then >echo "CONFIG_TASN1=y" >> $config_host_mak > diff --git a/crypto/Makefile.objs b/crypto/Makefile.objs > index 9f2c87e..0737f48 100644 > --- a/crypto/Makefile.objs > +++ b/crypto/Makefile.objs > @@ -11,8 +11,8 @@ crypto-obj-y += secret.o > crypto-obj-$(CONFIG_GCRYPT) += random-gcrypt.o > crypto-obj-$(if $(CONFIG_GCRYPT),n,$(CONFIG_GNUTLS_RND)) += random-gnutls.o > crypto-obj-y += pbkdf.o > -crypto-obj-$(CONFIG_NETTLE) += pbkdf-nettle.o > -crypto-obj-$(if $(CONFIG_NETTLE),n,$(CONFIG_GCRYPT_KDF)) += pbkdf-gcrypt.o > +crypto-obj-$(CONFIG_NETTLE_KDF) += pbkdf-nettle.o > +crypto-obj-$(if $(CONFIG_NETTLE_KDF),n,$(CONFIG_GCRYPT_KDF)) += > pbkdf-gcrypt.o > crypto-obj-y += ivgen.o > crypto-obj-y += ivgen-essiv.o > crypto-obj-y += ivgen-plain.o >
[Qemu-devel] [PATCH] crypto: do an explicit check for nettle pbkdf functions
Support for the PBKDF functions in nettle was not introduced until version 2.6. Some distros QEMU targets have older versions and thus lack PBKDF support. Address this by doing a check in configure for the desired function and then skipping compilation of the nettle-pbkdf.o module Reported-by: Wen CongyangSigned-off-by: Daniel P. Berrange --- configure| 16 crypto/Makefile.objs | 4 ++-- 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/configure b/configure index f4a03b8..2d78bcd 100755 --- a/configure +++ b/configure @@ -308,6 +308,7 @@ gnutls="" gnutls_hash="" gnutls_rnd="" nettle="" +nettle_kdf="no" gcrypt="" gcrypt_kdf="no" vte="" @@ -2335,6 +2336,17 @@ if test "$nettle" != "no"; then libs_tools="$nettle_libs $libs_tools" QEMU_CFLAGS="$QEMU_CFLAGS $nettle_cflags" nettle="yes" + +cat > $TMPC << EOF +#include +int main(void) { + pbkdf2_hmac_sha256(8, NULL, 1000, 8, NULL, 8, NULL); + return 0; +} +EOF +if compile_prog "$nettle_cflags" "$nettle_libs" ; then +nettle_kdf=yes +fi else if test "$nettle" = "yes"; then feature_not_found "nettle" "Install nettle devel" @@ -4746,6 +4758,7 @@ if test "$nettle" = "yes"; then else echo "nettle$nettle" fi +echo "nettle kdf$nettle_kdf" echo "libtasn1 $tasn1" echo "VTE support $vte" echo "curses support$curses" @@ -5130,6 +5143,9 @@ fi if test "$nettle" = "yes" ; then echo "CONFIG_NETTLE=y" >> $config_host_mak echo "CONFIG_NETTLE_VERSION_MAJOR=${nettle_version%%.*}" >> $config_host_mak + if test "$nettle_kdf" = "yes" ; then +echo "CONFIG_NETTLE_KDF=y" >> $config_host_mak + fi fi if test "$tasn1" = "yes" ; then echo "CONFIG_TASN1=y" >> $config_host_mak diff --git a/crypto/Makefile.objs b/crypto/Makefile.objs index 9f2c87e..0737f48 100644 --- a/crypto/Makefile.objs +++ b/crypto/Makefile.objs @@ -11,8 +11,8 @@ crypto-obj-y += secret.o crypto-obj-$(CONFIG_GCRYPT) += random-gcrypt.o crypto-obj-$(if $(CONFIG_GCRYPT),n,$(CONFIG_GNUTLS_RND)) += random-gnutls.o crypto-obj-y += pbkdf.o -crypto-obj-$(CONFIG_NETTLE) += pbkdf-nettle.o -crypto-obj-$(if $(CONFIG_NETTLE),n,$(CONFIG_GCRYPT_KDF)) += pbkdf-gcrypt.o +crypto-obj-$(CONFIG_NETTLE_KDF) += pbkdf-nettle.o +crypto-obj-$(if $(CONFIG_NETTLE_KDF),n,$(CONFIG_GCRYPT_KDF)) += pbkdf-gcrypt.o crypto-obj-y += ivgen.o crypto-obj-y += ivgen-essiv.o crypto-obj-y += ivgen-plain.o -- 2.5.5