diff options
| -rwxr-xr-x | configure | 100 | ||||
| -rw-r--r-- | crypto/cipher.c | 8 | ||||
| -rw-r--r-- | crypto/init.c | 26 |
3 files changed, 105 insertions, 29 deletions
@@ -331,6 +331,8 @@ gtkabi="" gtk_gl="no" gnutls="" gnutls_hash="" +nettle="" +gcrypt="" vte="" virglrenderer="" tpm="yes" @@ -1114,6 +1116,14 @@ for opt do ;; --enable-gnutls) gnutls="yes" ;; + --disable-nettle) nettle="no" + ;; + --enable-nettle) nettle="yes" + ;; + --disable-gcrypt) gcrypt="no" + ;; + --enable-gcrypt) gcrypt="yes" + ;; --enable-rdma) rdma="yes" ;; --disable-rdma) rdma="no" @@ -1324,6 +1334,8 @@ disabled with --disable-FEATURE, default is enabled if available: sparse sparse checker gnutls GNUTLS cryptography support + nettle nettle cryptography support + gcrypt libgcrypt cryptography support sdl SDL UI --with-sdlabi select preferred SDL ABI 1.2 or 2.0 gtk gtk UI @@ -2254,20 +2266,76 @@ else gnutls_hash="no" fi -if test "$gnutls_gcrypt" != "no"; then - if has "libgcrypt-config"; then + +# If user didn't give a --disable/enable-gcrypt flag, +# then mark as disabled if user requested nettle +# explicitly, or if gnutls links to nettle +if test -z "$gcrypt" +then + if test "$nettle" = "yes" || test "$gnutls_nettle" = "yes" + then + gcrypt="no" + fi +fi + +# If user didn't give a --disable/enable-nettle flag, +# then mark as disabled if user requested gcrypt +# explicitly, or if gnutls links to gcrypt +if test -z "$nettle" +then + if test "$gcrypt" = "yes" || test "$gnutls_gcrypt" = "yes" + then + nettle="no" + fi +fi + +has_libgcrypt_config() { + if ! has "libgcrypt-config" + then + return 1 + fi + + if test -n "$cross_prefix" + then + host=`libgcrypt-config --host` + if test "$host-" != $cross_prefix + then + return 1 + fi + fi + + return 0 +} + +if test "$gcrypt" != "no"; then + if has_libgcrypt_config; then gcrypt_cflags=`libgcrypt-config --cflags` gcrypt_libs=`libgcrypt-config --libs` + # Debian has remove -lgpg-error from libgcrypt-config + # as it "spreads unnecessary dependencies" which in + # turn breaks static builds... + if test "$static" = "yes" + then + gcrypt_libs="$gcrypt_libs -lgpg-error" + fi libs_softmmu="$gcrypt_libs $libs_softmmu" libs_tools="$gcrypt_libs $libs_tools" QEMU_CFLAGS="$QEMU_CFLAGS $gcrypt_cflags" + gcrypt="yes" + if test -z "$nettle"; then + nettle="no" + fi else - feature_not_found "gcrypt" "Install gcrypt devel" + if test "$gcrypt" = "yes"; then + feature_not_found "gcrypt" "Install gcrypt devel" + else + gcrypt="no" + fi fi fi -if test "$gnutls_nettle" != "no"; then +if test "$nettle" != "no"; then if $pkg_config --exists "nettle"; then nettle_cflags=`$pkg_config --cflags nettle` nettle_libs=`$pkg_config --libs nettle` @@ -2275,11 +2343,21 @@ if test "$gnutls_nettle" != "no"; then libs_softmmu="$nettle_libs $libs_softmmu" libs_tools="$nettle_libs $libs_tools" QEMU_CFLAGS="$QEMU_CFLAGS $nettle_cflags" + nettle="yes" else - feature_not_found "nettle" "Install nettle devel" + if test "$nettle" = "yes"; then + feature_not_found "nettle" "Install nettle devel" + else + nettle="no" + fi fi fi +if test "$gcrypt" = "yes" && test "$nettle" = "yes" +then + error_exit "Only one of gcrypt & nettle can be enabled" +fi + ########################################## # libtasn1 - only for the TLS creds/session test suite @@ -4621,8 +4699,8 @@ echo "GTK support $gtk" echo "GTK GL support $gtk_gl" echo "GNUTLS support $gnutls" echo "GNUTLS hash $gnutls_hash" -echo "GNUTLS gcrypt $gnutls_gcrypt" -echo "GNUTLS nettle $gnutls_nettle ${gnutls_nettle+($nettle_version)}" +echo "libgcrypt $gcrypt" +echo "nettle $nettle ${nettle+($nettle_version)}" echo "libtasn1 $tasn1" echo "VTE support $vte" echo "curses support $curses" @@ -4991,11 +5069,11 @@ fi if test "$gnutls_hash" = "yes" ; then echo "CONFIG_GNUTLS_HASH=y" >> $config_host_mak fi -if test "$gnutls_gcrypt" = "yes" ; then - echo "CONFIG_GNUTLS_GCRYPT=y" >> $config_host_mak +if test "$gcrypt" = "yes" ; then + echo "CONFIG_GCRYPT=y" >> $config_host_mak fi -if test "$gnutls_nettle" = "yes" ; then - echo "CONFIG_GNUTLS_NETTLE=y" >> $config_host_mak +if test "$nettle" = "yes" ; then + echo "CONFIG_NETTLE=y" >> $config_host_mak echo "CONFIG_NETTLE_VERSION_MAJOR=${nettle_version%%.*}" >> $config_host_mak fi if test "$tasn1" = "yes" ; then diff --git a/crypto/cipher.c b/crypto/cipher.c index 024a00cb54..c8bd180532 100644 --- a/crypto/cipher.c +++ b/crypto/cipher.c @@ -47,7 +47,7 @@ qcrypto_cipher_validate_key_length(QCryptoCipherAlgorithm alg, return true; } -#if defined(CONFIG_GNUTLS_GCRYPT) || defined(CONFIG_GNUTLS_NETTLE) +#if defined(CONFIG_GCRYPT) || defined(CONFIG_NETTLE) static uint8_t * qcrypto_cipher_munge_des_rfb_key(const uint8_t *key, size_t nkey) @@ -63,11 +63,11 @@ qcrypto_cipher_munge_des_rfb_key(const uint8_t *key, } return ret; } -#endif /* CONFIG_GNUTLS_GCRYPT || CONFIG_GNUTLS_NETTLE */ +#endif /* CONFIG_GCRYPT || CONFIG_NETTLE */ -#ifdef CONFIG_GNUTLS_GCRYPT +#ifdef CONFIG_GCRYPT #include "crypto/cipher-gcrypt.c" -#elif defined CONFIG_GNUTLS_NETTLE +#elif defined CONFIG_NETTLE #include "crypto/cipher-nettle.c" #else #include "crypto/cipher-builtin.c" diff --git a/crypto/init.c b/crypto/init.c index 7447882c7b..d94faacdf2 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -24,8 +24,9 @@ #ifdef CONFIG_GNUTLS #include <gnutls/gnutls.h> #include <gnutls/crypto.h> +#endif -#ifdef CONFIG_GNUTLS_GCRYPT +#ifdef CONFIG_GCRYPT #include <gcrypt.h> #endif @@ -37,6 +38,7 @@ * - When GNUTLS >= 2.12, we must not initialize gcrypt threading * because GNUTLS will do that itself * - When GNUTLS < 2.12 we must always initialize gcrypt threading + * - When GNUTLS is disabled we must always initialize gcrypt threading * * But.... * @@ -47,12 +49,15 @@ * * - gcrypt < 1.6.0 * AND - * - gnutls < 2.12 + * - gnutls < 2.12 + * OR + * - gnutls is disabled * */ -#if (defined(CONFIG_GNUTLS_GCRYPT) && \ - (!defined(GNUTLS_VERSION_NUMBER) || \ +#if (defined(CONFIG_GCRYPT) && \ + (!defined(CONFIG_GNUTLS) || \ + !defined(GNUTLS_VERSION_NUMBER) || \ (GNUTLS_VERSION_NUMBER < 0x020c00)) && \ (!defined(GCRYPT_VERSION_NUMBER) || \ (GCRYPT_VERSION_NUMBER < 0x010600))) @@ -113,6 +118,7 @@ static struct gcry_thread_cbs qcrypto_gcrypt_thread_impl = { int qcrypto_init(Error **errp) { +#ifdef CONFIG_GNUTLS int ret; ret = gnutls_global_init(); if (ret < 0) { @@ -125,8 +131,9 @@ int qcrypto_init(Error **errp) gnutls_global_set_log_level(10); gnutls_global_set_log_function(qcrypto_gnutls_log); #endif +#endif -#ifdef CONFIG_GNUTLS_GCRYPT +#ifdef CONFIG_GCRYPT if (!gcry_check_version(GCRYPT_VERSION)) { error_setg(errp, "Unable to initialize gcrypt"); return -1; @@ -139,12 +146,3 @@ int qcrypto_init(Error **errp) return 0; } - -#else /* ! CONFIG_GNUTLS */ - -int qcrypto_init(Error **errp G_GNUC_UNUSED) -{ - return 0; -} - -#endif /* ! CONFIG_GNUTLS */ |