From patchwork Fri Oct 19 13:43:17 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= X-Patchwork-Id: 986816 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=nongnu.org (client-ip=2001:4830:134:3::11; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 42c6f20vDnz9sDK for ; Sat, 20 Oct 2018 00:46:50 +1100 (AEDT) Received: from localhost ([::1]:50648 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gDV71-0002G7-Dp for incoming@patchwork.ozlabs.org; Fri, 19 Oct 2018 09:46:47 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:39561) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gDV4N-0000TR-0E for qemu-devel@nongnu.org; Fri, 19 Oct 2018 09:44:04 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gDV4H-00083V-Qn for qemu-devel@nongnu.org; Fri, 19 Oct 2018 09:44:02 -0400 Received: from mx1.redhat.com ([209.132.183.28]:15916) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1gDV3x-0006tr-56 for qemu-devel@nongnu.org; Fri, 19 Oct 2018 09:43:57 -0400 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id D17845F74C; Fri, 19 Oct 2018 13:43:22 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.42.22.189]) by smtp.corp.redhat.com (Postfix) with ESMTP id EA6506532C; Fri, 19 Oct 2018 13:43:21 +0000 (UTC) From: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= To: qemu-devel@nongnu.org Date: Fri, 19 Oct 2018 14:43:17 +0100 Message-Id: <20181019134318.17155-3-berrange@redhat.com> In-Reply-To: <20181019134318.17155-1-berrange@redhat.com> References: <20181019134318.17155-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Fri, 19 Oct 2018 13:43:22 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PULL 2/3] crypto: require libgcrypt >= 1.5.0 for building QEMU X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Peter Maydell Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" libgcrypt 1.5.0 was released in 2011 and all the distros that are build target platforms for QEMU [1] include it: RHEL-7: 1.5.3 Debian (Stretch): 1.7.6 Debian (Jessie): 1.6.3 OpenBSD (ports): 1.8.2 FreeBSD (ports): 1.8.3 OpenSUSE Leap 15: 1.8.2 Ubuntu (Xenial): 1.6.5 macOS (Homebrew): 1.8.3 Based on this, it is reasonable to require libgcrypt >= 1.5.0 in QEMU which allows for some conditional version checks in the code to be removed. [1] https://qemu.weilnetz.de/doc/qemu-doc.html#Supported-build-platforms Reviewed-by: Eric Blake Signed-off-by: Daniel P. Berrangé --- configure | 32 +++++++++++--------------------- crypto/init.c | 3 +-- tests/test-crypto-block.c | 2 +- crypto/Makefile.objs | 2 +- tests/Makefile.include | 2 +- 5 files changed, 15 insertions(+), 26 deletions(-) diff --git a/configure b/configure index 008f666c83..f943d6618a 100755 --- a/configure +++ b/configure @@ -461,7 +461,6 @@ nettle="" nettle_kdf="no" gcrypt="" gcrypt_hmac="no" -gcrypt_kdf="no" vte="" virglrenderer="" tpm="yes" @@ -2703,7 +2702,7 @@ then fi fi -has_libgcrypt_config() { +has_libgcrypt() { if ! has "libgcrypt-config" then return 1 @@ -2718,6 +2717,14 @@ has_libgcrypt_config() { fi fi + maj=`libgcrypt-config --version | awk -F . '{print $1}'` + min=`libgcrypt-config --version | awk -F . '{print $2}'` + + if test $maj != 1 || test $min -lt 5 + then + return 1 + fi + return 0 } @@ -2756,7 +2763,7 @@ EOF fi if test "$gcrypt" != "no"; then - if has_libgcrypt_config; then + if has_libgcrypt; then gcrypt_cflags=$(libgcrypt-config --cflags) gcrypt_libs=$(libgcrypt-config --libs) # Debian has remove -lgpg-error from libgcrypt-config @@ -2773,19 +2780,6 @@ if test "$gcrypt" != "no"; then cat > $TMPC << EOF #include -int main(void) { - gcry_kdf_derive(NULL, 0, GCRY_KDF_PBKDF2, - GCRY_MD_SHA256, - NULL, 0, 0, 0, NULL); - return 0; -} -EOF - if compile_prog "$gcrypt_cflags" "$gcrypt_libs" ; then - gcrypt_kdf=yes - fi - - cat > $TMPC << EOF -#include int main(void) { gcry_mac_hd_t handle; gcry_mac_open(&handle, GCRY_MAC_HMAC_MD5, @@ -2798,7 +2792,7 @@ EOF fi else if test "$gcrypt" = "yes"; then - feature_not_found "gcrypt" "Install gcrypt devel" + feature_not_found "gcrypt" "Install gcrypt devel >= 1.5.0" else gcrypt="no" fi @@ -5911,7 +5905,6 @@ echo "VTE support $vte $(echo_version $vte $vteversion)" echo "TLS priority $tls_priority" echo "GNUTLS support $gnutls" echo "libgcrypt $gcrypt" -echo "libgcrypt kdf $gcrypt_kdf" echo "nettle $nettle $(echo_version $nettle $nettle_version)" echo "nettle kdf $nettle_kdf" echo "libtasn1 $tasn1" @@ -6354,9 +6347,6 @@ if test "$gcrypt" = "yes" ; then if test "$gcrypt_hmac" = "yes" ; then echo "CONFIG_GCRYPT_HMAC=y" >> $config_host_mak fi - if test "$gcrypt_kdf" = "yes" ; then - echo "CONFIG_GCRYPT_KDF=y" >> $config_host_mak - fi fi if test "$nettle" = "yes" ; then echo "CONFIG_NETTLE=y" >> $config_host_mak diff --git a/crypto/init.c b/crypto/init.c index 10bf72463c..c30156405a 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -44,8 +44,7 @@ */ #if (defined(CONFIG_GCRYPT) && \ - (!defined(GCRYPT_VERSION_NUMBER) || \ - (GCRYPT_VERSION_NUMBER < 0x010600))) + (GCRYPT_VERSION_NUMBER < 0x010600)) #define QCRYPTO_INIT_GCRYPT_THREADS #else #undef QCRYPTO_INIT_GCRYPT_THREADS diff --git a/tests/test-crypto-block.c b/tests/test-crypto-block.c index fd29a045d2..bd512cc79a 100644 --- a/tests/test-crypto-block.c +++ b/tests/test-crypto-block.c @@ -29,7 +29,7 @@ #endif #if (defined(_WIN32) || defined RUSAGE_THREAD) && \ - (defined(CONFIG_NETTLE_KDF) || defined(CONFIG_GCRYPT_KDF)) + (defined(CONFIG_NETTLE_KDF) || defined(CONFIG_GCRYPT)) #define TEST_LUKS #else #undef TEST_LUKS diff --git a/crypto/Makefile.objs b/crypto/Makefile.objs index a62cedaf36..6a908f51f5 100644 --- a/crypto/Makefile.objs +++ b/crypto/Makefile.objs @@ -24,7 +24,7 @@ crypto-obj-$(if $(CONFIG_GCRYPT),n,$(CONFIG_GNUTLS)) += random-gnutls.o crypto-obj-$(if $(CONFIG_GCRYPT),n,$(if $(CONFIG_GNUTLS),n,y)) += random-platform.o crypto-obj-y += pbkdf.o crypto-obj-$(CONFIG_NETTLE_KDF) += pbkdf-nettle.o -crypto-obj-$(if $(CONFIG_NETTLE_KDF),n,$(CONFIG_GCRYPT_KDF)) += pbkdf-gcrypt.o +crypto-obj-$(if $(CONFIG_NETTLE_KDF),n,$(CONFIG_GCRYPT)) += pbkdf-gcrypt.o crypto-obj-y += ivgen.o crypto-obj-y += ivgen-essiv.o crypto-obj-y += ivgen-plain.o diff --git a/tests/Makefile.include b/tests/Makefile.include index 7fe8578972..0c8113ffa6 100644 --- a/tests/Makefile.include +++ b/tests/Makefile.include @@ -115,7 +115,7 @@ check-unit-$(CONFIG_GNUTLS) += tests/test-io-channel-tls$(EXESUF) check-unit-y += tests/test-io-channel-command$(EXESUF) check-unit-y += tests/test-io-channel-buffer$(EXESUF) check-unit-y += tests/test-base64$(EXESUF) -check-unit-$(if $(CONFIG_NETTLE_KDF),y,$(CONFIG_GCRYPT_KDF)) += tests/test-crypto-pbkdf$(EXESUF) +check-unit-$(if $(CONFIG_NETTLE_KDF),y,$(CONFIG_GCRYPT)) += tests/test-crypto-pbkdf$(EXESUF) check-unit-y += tests/test-crypto-ivgen$(EXESUF) check-unit-y += tests/test-crypto-afsplit$(EXESUF) check-unit-y += tests/test-crypto-xts$(EXESUF)