aboutsummaryrefslogtreecommitdiff
path: root/crypto/init.c
AgeCommit message (Collapse)Author
2015-10-22crypto: allow use of nettle/gcrypt to be selected explicitlyDaniel P. Berrange
Currently the choice of whether to use nettle or gcrypt is made based on what gnutls is linked to. There are times when it is desirable to be able to force build against a specific library. For example, if testing changes to QEMU's crypto code all 3 possible backends need to be checked regardless of what the local gnutls uses. It is also desirable to be able to enable nettle/gcrypt for cipher/hash algorithms, without enabling gnutls for TLS support. This gives two new configure flags, which allow the following possibilities Automatically determine nettle vs gcrypt from what gnutls links to (recommended to minimize number of crypto libraries linked to) ./configure Automatically determine nettle vs gcrypt based on which is installed ./configure --disable-gnutls Force use of nettle ./configure --enable-nettle Force use of gcrypt ./configure --enable-gcrypt Force use of built-in AES & crippled-DES ./configure --disable-nettle --disable-gcrypt Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-07-08crypto: add a gcrypt cipher implementationDaniel P. Berrange
If we are linking to gnutls already and gnutls is built against gcrypt, then we should use gcrypt as a cipher backend in preference to our built-in backend. This will be used when linking against GNUTLS 1.x and many GNUTLS 2.x versions. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Message-Id: <1435770638-25715-6-git-send-email-berrange@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-07-07crypto: introduce new module for computing hash digestsDaniel P. Berrange
Introduce a new crypto/ directory that will (eventually) contain all the cryptographic related code. This initially defines a wrapper for initializing gnutls and for computing hashes with gnutls. The former ensures that gnutls is guaranteed to be initialized exactly once in QEMU regardless of CLI args. The block quorum code currently fails to initialize gnutls so it only works by luck, if VNC server TLS is not requested. The hash APIs avoids the need to litter the rest of the code with preprocessor checks and simplifies callers by allocating the correct amount of memory for the requested hash. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Message-Id: <1435770638-25715-2-git-send-email-berrange@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>