Changeset
config-post.h              |  2 --
m4/virt-gnutls.m4          | 50 +++-------------------------
src/libvirt.c              | 83 ----------------------------------------------
src/rpc/virnettlscontext.c |  4 +--
src/util/vircrypto.c       | 28 ++++++++--------
src/util/vircrypto.h       |  2 +-
tests/qemuxml2argvtest.c   |  8 ++---
tests/vircryptotest.c      | 26 ++++++++++-----
tests/virfilecachetest.c   | 19 ++++++++---
9 files changed, 58 insertions(+), 164 deletions(-)
Git apply log
Switched to a new branch 'cover.1526385621.git.jtomko@redhat.com'
Applying: virCryptoHashBuf: return the length of the hash in bytes
Applying: Skip vircryptotest and virfilecachetest without gnutls
Applying: Require GnuTLS >= 3.2.0
Applying: Deprecate GNUTLS_GCRYPT
Applying: Remove explicit check for gnutls_rnd
Applying: Remove explicit check for gnutls_cipher_encrypt
Applying: Fix indentation in virCryptoHaveCipher
Applying: Remove check for gnutls/crypto.h
To https://github.com/patchew-project/libvirt
 * [new tag]         patchew/cover.1526385621.git.jtomko@redhat.com -> patchew/cover.1526385621.git.jtomko@redhat.com
Test passed: syntax-check

[libvirt] [PATCH 0/8] GnuTLS fixes and requirements
Posted by Ján Tomko, 1 week ago
The first two patches fix the build and tests without GnuTLS.
The third requires GnuTLS 3.2.0 or newer.

That means we don't have to worry about gnutls_hash_fast not
being present (introduced in GnuTLS 2.10.0).

The rest of the patches clean up the code that deals with older
GnuTLS.

Ján Tomko (8):
  virCryptoHashBuf: return the length of the hash in bytes
  Skip vircryptotest and virfilecachetest without gnutls
  Require GnuTLS >= 3.2.0
  Deprecate GNUTLS_GCRYPT
  Remove explicit check for gnutls_rnd
  Remove explicit check for gnutls_cipher_encrypt
  Fix indentation in virCryptoHaveCipher
  Remove check for gnutls/crypto.h

 config-post.h              |  2 --
 m4/virt-gnutls.m4          | 50 +++-------------------------
 src/libvirt.c              | 83 ----------------------------------------------
 src/rpc/virnettlscontext.c |  4 +--
 src/util/vircrypto.c       | 28 ++++++++--------
 src/util/vircrypto.h       |  2 +-
 tests/qemuxml2argvtest.c   |  8 ++---
 tests/vircryptotest.c      | 26 ++++++++++-----
 tests/virfilecachetest.c   | 19 ++++++++---
 9 files changed, 58 insertions(+), 164 deletions(-)

-- 
2.16.1

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 0/8] GnuTLS fixes and requirements
Posted by Michal Privoznik, 6 days ago
On 05/15/2018 02:03 PM, Ján Tomko wrote:
> The first two patches fix the build and tests without GnuTLS.
> The third requires GnuTLS 3.2.0 or newer.
> 
> That means we don't have to worry about gnutls_hash_fast not
> being present (introduced in GnuTLS 2.10.0).
> 
> The rest of the patches clean up the code that deals with older
> GnuTLS.
> 
> Ján Tomko (8):
>   virCryptoHashBuf: return the length of the hash in bytes
>   Skip vircryptotest and virfilecachetest without gnutls
>   Require GnuTLS >= 3.2.0
>   Deprecate GNUTLS_GCRYPT
>   Remove explicit check for gnutls_rnd
>   Remove explicit check for gnutls_cipher_encrypt
>   Fix indentation in virCryptoHaveCipher
>   Remove check for gnutls/crypto.h
> 
>  config-post.h              |  2 --
>  m4/virt-gnutls.m4          | 50 +++-------------------------
>  src/libvirt.c              | 83 ----------------------------------------------
>  src/rpc/virnettlscontext.c |  4 +--
>  src/util/vircrypto.c       | 28 ++++++++--------
>  src/util/vircrypto.h       |  2 +-
>  tests/qemuxml2argvtest.c   |  8 ++---
>  tests/vircryptotest.c      | 26 ++++++++++-----
>  tests/virfilecachetest.c   | 19 ++++++++---
>  9 files changed, 58 insertions(+), 164 deletions(-)
> 

ACK series.

Michal

[libvirt] [PATCH 1/8] virCryptoHashBuf: return the length of the hash in bytes
Posted by Ján Tomko, 1 week ago
virCryptoHashString also needs to know the size of the returned hash.
Return it if the hash conversion succeeded so the caller does not need
to access the hashinfo array.

This should make virCryptoHashString build without gnutls.
Also fixes the missing return value for the virCryptoHashBuf stub.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Suggested-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
---
 src/util/vircrypto.c | 14 ++++++++------
 src/util/vircrypto.h |  2 +-
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/src/util/vircrypto.c b/src/util/vircrypto.c
index 62a027353b..d110adfe59 100644
--- a/src/util/vircrypto.c
+++ b/src/util/vircrypto.c
@@ -54,7 +54,7 @@ struct virHashInfo {
 
 verify(ARRAY_CARDINALITY(hashinfo) == VIR_CRYPTO_HASH_LAST);
 
-int
+ssize_t
 virCryptoHashBuf(virCryptoHash hash,
                  const char *input,
                  unsigned char *output)
@@ -74,16 +74,17 @@ virCryptoHashBuf(virCryptoHash hash,
         return -1;
     }
 
-    return 0;
+    return hashinfo[hash].hashlen;
 }
 #else
-int
+ssize_t
 virCryptoHashBuf(virCryptoHash hash,
                  const char *input ATTRIBUTE_UNUSED,
                  unsigned char *output ATTRIBUTE_UNUSED)
 {
     virReportError(VIR_ERR_INVALID_ARG,
                    _("algorithm=%d is not supported"), hash);
+    return -1;
 }
 #endif
 
@@ -93,18 +94,19 @@ virCryptoHashString(virCryptoHash hash,
                     char **output)
 {
     unsigned char buf[VIR_CRYPTO_LARGEST_DIGEST_SIZE];
+    ssize_t rc;
     size_t hashstrlen;
     size_t i;
 
-    if (virCryptoHashBuf(hash, input, buf) < 0)
+    if ((rc = virCryptoHashBuf(hash, input, buf)) < 0)
         return -1;
 
-    hashstrlen = (hashinfo[hash].hashlen * 2) + 1;
+    hashstrlen = (rc * 2) + 1;
 
     if (VIR_ALLOC_N(*output, hashstrlen) < 0)
         return -1;
 
-    for (i = 0; i < hashinfo[hash].hashlen; i++) {
+    for (i = 0; i < rc; i++) {
         (*output)[i * 2] = hex[(buf[i] >> 4) & 0xf];
         (*output)[(i * 2) + 1] = hex[buf[i] & 0xf];
     }
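
Review bot: In virCryptoHashString, `for (i = 0; i < rc; i++)` compares the `size_t` index against the `ssize_t` result, a signed/unsigned comparison that is only safe because the `rc < 0` case has already returned. Copying the checked value into a `size_t` local and using it for both `hashstrlen` and the loop bound would make that invariant explicit and keep -Wsign-compare quiet. Since `rc` now also bounds the reads from `buf[VIR_CRYPTO_LARGEST_DIGEST_SIZE]`, a check that it does not exceed that size would be cheap insurance.
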
diff --git a/src/util/vircrypto.h b/src/util/vircrypto.h
index 64984006be..9b5dada53d 100644
--- a/src/util/vircrypto.h
+++ b/src/util/vircrypto.h
@@ -41,7 +41,7 @@ typedef enum {
     VIR_CRYPTO_CIPHER_LAST
 } virCryptoCipher;
 
-int
+ssize_t
 virCryptoHashBuf(virCryptoHash hash,
                  const char *input,
                  unsigned char *output)
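
Review bot: The prototype changes from `int` to `ssize_t`, but nothing in this hunk documents the new return contract. Success used to be 0 and is now the digest length in bytes, so a comment above the declaration (length on success, -1 on error) would help. Any caller that tests the result with `== 0` or `!= 0` instead of `< 0` would silently change meaning; only virCryptoHashString is updated in this patch, so the remaining call sites are worth a grep.
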
-- 
2.16.1

[libvirt] [PATCH 2/8] Skip vircryptotest and virfilecachetest without gnutls
Posted by Ján Tomko, 1 week ago
Fix make check without gnutls.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
---
 tests/vircryptotest.c    | 26 ++++++++++++++++++--------
 tests/virfilecachetest.c | 19 +++++++++++++++----
 2 files changed, 33 insertions(+), 12 deletions(-)

diff --git a/tests/vircryptotest.c b/tests/vircryptotest.c
index e24834c16e..d9ffc6f34c 100644
--- a/tests/vircryptotest.c
+++ b/tests/vircryptotest.c
@@ -20,12 +20,13 @@
 
 #include <config.h>
 
-#include "vircrypto.h"
-#include "virrandom.h"
-
 #include "testutils.h"
 
-#define VIR_FROM_THIS VIR_FROM_NONE
+#if WITH_GNUTLS
+# include "vircrypto.h"
+# include "virrandom.h"
+
+# define VIR_FROM_THIS VIR_FROM_NONE
 
 struct testCryptoHashData {
     virCryptoHash hash;
@@ -129,7 +130,7 @@ mymain(void)
                                        0x1b, 0x8c, 0x3f, 0x48,
                                        0x27, 0xae, 0xb6, 0x7a};
 
-#define VIR_CRYPTO_HASH(h, i, o) \
+# define VIR_CRYPTO_HASH(h, i, o) \
     do { \
         struct testCryptoHashData data = { \
             .hash = h, \
@@ -152,9 +153,9 @@ mymain(void)
     VIR_CRYPTO_HASH(VIR_CRYPTO_HASH_MD5, "The quick brown fox", "a2004f37730b9445670a738fa0fc9ee5");
     VIR_CRYPTO_HASH(VIR_CRYPTO_HASH_SHA256, "The quick brown fox", "5cac4f980fedc3d3f1f99b4be3472c9b30d56523e632d151237ec9309048bda9");
 
-#undef VIR_CRYPTO_HASH
+# undef VIR_CRYPTO_HASH
 
-#define VIR_CRYPTO_ENCRYPT(a, n, i, il, c, cl) \
+# define VIR_CRYPTO_ENCRYPT(a, n, i, il, c, cl) \
     do { \
         struct testCryptoEncryptData data = { \
             .algorithm = a, \
@@ -173,10 +174,19 @@ mymain(void)
     VIR_CRYPTO_ENCRYPT(VIR_CRYPTO_CIPHER_AES256CBC, "aes265cbc",
                        secretdata, 7, expected_ciphertext, 16);
 
-#undef VIR_CRYPTO_ENCRYPT
+# undef VIR_CRYPTO_ENCRYPT
 
     return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
 }
 
 /* Forces usage of not so random virRandomBytes */
 VIR_TEST_MAIN_PRELOAD(mymain, abs_builddir "/.libs/virrandommock.so")
+#else
+static int
+mymain(void)
+{
+    return EXIT_AM_SKIP;
+}
+
+VIR_TEST_MAIN(mymain);
+#endif /* WITH_GNUTLS */
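
Review bot: The new `#else` branch ends with `VIR_TEST_MAIN(mymain);`, while the existing `VIR_TEST_MAIN_PRELOAD(...)` invocation a few lines above has no trailing semicolon. If the macro expands to a function definition, the extra `;` is an empty file-scope declaration that pedantic compilers warn about; dropping it keeps the two invocations consistent. The same applies to the identical stub added to tests/virfilecachetest.c.
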
diff --git a/tests/virfilecachetest.c b/tests/virfilecachetest.c
index 3c55cd1e02..44386742e1 100644
--- a/tests/virfilecachetest.c
+++ b/tests/virfilecachetest.c
@@ -20,11 +20,13 @@
 #include <config.h>
 
 #include "testutils.h"
-#include "virfile.h"
-#include "virfilecache.h"
 
+#if WITH_GNUTLS
+# include "virfile.h"
+# include "virfilecache.h"
 
-#define VIR_FROM_THIS VIR_FROM_NONE
+
+# define VIR_FROM_THIS VIR_FROM_NONE
 
 
 struct _testFileCacheObj {
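
Review bot: Neither this hunk nor the commit message says why a file cache test needs GnuTLS, yet the whole file, including `virfile.h` and `virfilecache.h`, now sits behind `#if WITH_GNUTLS`. A short comment at the `#if` naming the dependency would keep the guard from looking accidental. The added empty line after the includes also leaves two consecutive blank lines before `# define VIR_FROM_THIS`.
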
@@ -212,7 +214,7 @@ mymain(void)
 
     virFileCacheSetPriv(cache, &testPriv);
 
-#define TEST_RUN(name, newData, expectData, expectSave) \
+# define TEST_RUN(name, newData, expectData, expectSave) \
     do { \
         testFileCacheData data = { \
             cache, name, newData, expectData, expectSave \
@@ -233,3 +235,12 @@ mymain(void)
 }
 
 VIR_TEST_MAIN_PRELOAD(mymain, abs_builddir "/.libs/virfilecachemock.so")
+#else
+static int
+mymain(void)
+{
+    return EXIT_AM_SKIP;
+}
+
+VIR_TEST_MAIN(mymain);
+#endif /* WITH_GNUTLS */
-- 
2.16.1

[libvirt] [PATCH 3/8] Require GnuTLS >= 3.2.0
Posted by Ján Tomko, 1 week ago
Ubuntu 14.04 which is not targeted as a supported platform [0]
already has 3.2.11

[0] https://libvirt.org/platforms.html

Signed-off-by: Ján Tomko <jtomko@redhat.com>
---
 m4/virt-gnutls.m4 | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/m4/virt-gnutls.m4 b/m4/virt-gnutls.m4
index e3869f75cc..13399ac766 100644
--- a/m4/virt-gnutls.m4
+++ b/m4/virt-gnutls.m4
@@ -18,11 +18,15 @@ dnl <http://www.gnu.org/licenses/>.
 dnl
 
 AC_DEFUN([LIBVIRT_ARG_GNUTLS],[
-  LIBVIRT_ARG_WITH_FEATURE([GNUTLS], [gnutls], [check], [2.2.0])
+  LIBVIRT_ARG_WITH_FEATURE([GNUTLS], [gnutls], [check], [3.2.0])
 ])
 
 AC_DEFUN([LIBVIRT_CHECK_GNUTLS],[
-  LIBVIRT_CHECK_PKG([GNUTLS], [gnutls], [2.2.0])
+  LIBVIRT_CHECK_PKG([GNUTLS], [gnutls], [3.2.0])
+
+  dnl Require gnutls >= 3.2.0 because of 3.2.11 in Ubuntu 14.04
+  dnl That should have all the functions we use (in >= 2.12)
+  dnl and also use nettle, because it's >= 3.0
 
   if test "$with_gnutls" = "yes" ; then
     dnl Double probe: gnutls >= 2.12 had a configure option for gcrypt and
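
Review bot: The minimum version `3.2.0` is written twice, once in LIBVIRT_ARG_GNUTLS and once in LIBVIRT_CHECK_GNUTLS, so the two can drift apart on the next bump; a note that both must change together would help. The added dnl comment also sits after the `LIBVIRT_CHECK_PKG` call it explains, and it justifies a 3.2.0 floor by citing 3.2.11; placing it above the call and saying why 3.2.0 rather than 3.2.11 was chosen would read better.
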
-- 
2.16.1

[libvirt] [PATCH 4/8] Deprecate GNUTLS_GCRYPT
Posted by Ján Tomko, 1 week ago
Now that we assume GnuTLS >= 3.0, we can ditch gcrypt support.
Introduced by <commit 6094b1f>.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
---
 config-post.h     |  2 --
 m4/virt-gnutls.m4 | 29 -------------------
 src/libvirt.c     | 83 -------------------------------------------------------
 3 files changed, 114 deletions(-)

diff --git a/config-post.h b/config-post.h
index f7eba0d7ca..063e30fa37 100644
--- a/config-post.h
+++ b/config-post.h
@@ -36,7 +36,6 @@
 # undef WITH_DEVMAPPER
 # undef WITH_DTRACE_PROBES
 # undef WITH_GNUTLS
-# undef WITH_GNUTLS_GCRYPT
 # undef WITH_LIBSSH
 # undef WITH_MACVTAP
 # undef WITH_NUMACTL
@@ -62,7 +61,6 @@
 # undef WITH_DEVMAPPER
 # undef WITH_DTRACE_PROBES
 # undef WITH_GNUTLS
-# undef WITH_GNUTLS_GCRYPT
 # undef WITH_LIBSSH
 # undef WITH_MACVTAP
 # undef WITH_NUMACTL
diff --git a/m4/virt-gnutls.m4 b/m4/virt-gnutls.m4
index 13399ac766..35792c060f 100644
--- a/m4/virt-gnutls.m4
+++ b/m4/virt-gnutls.m4
@@ -29,35 +29,6 @@ AC_DEFUN([LIBVIRT_CHECK_GNUTLS],[
   dnl and also use nettle, because it's >= 3.0
 
   if test "$with_gnutls" = "yes" ; then
-    dnl Double probe: gnutls >= 2.12 had a configure option for gcrypt and
-    dnl gnutls >= 3.0 uses only nettle.  Our goal is to avoid gcrypt if we
-    dnl can prove gnutls uses nettle, but it is a safe fallback to use gcrypt
-    dnl if we can't prove anything.
-
-    GNUTLS_GCRYPT=
-    if $PKG_CONFIG --exists 'gnutls >= 3.0'; then
-      GNUTLS_GCRYPT="no"
-    else
-      GNUTLS_GCRYPT="probe"
-    fi
-
-    if test "$GNUTLS_GCRYPT" = "probe"; then
-      case $($PKG_CONFIG --libs --static gnutls) in
-        *gcrypt*) GNUTLS_GCRYPT=yes       ;;
-        *nettle*) GNUTLS_GCRYPT=no        ;;
-        *)        GNUTLS_GCRYPT=unknown   ;;
-      esac
-    fi
-
-    if test "$GNUTLS_GCRYPT" = "yes" || test "$GNUTLS_GCRYPT" = "unknown"; then
-      GNUTLS_LIBS="$GNUTLS_LIBS -lgcrypt"
-      dnl We're not using gcrypt deprecated features so define
-      dnl GCRYPT_NO_DEPRECATED to avoid deprecated warnings
-      GNUTLS_CFLAGS="$GNUTLS_CFLAGS -DGCRYPT_NO_DEPRECATED"
-      AC_DEFINE_UNQUOTED([WITH_GNUTLS_GCRYPT], 1,
-                         [set to 1 if it is known or assumed that GNUTLS uses gcrypt])
-    fi
-
     OLD_CFLAGS="$CFLAGS"
     OLD_LIBS="$LIBS"
     CFLAGS="$CFLAGS $GNUTLS_CFLAGS"
diff --git a/src/libvirt.c b/src/libvirt.c
index 0a81cbfb99..ffb002f4e1 100644
--- a/src/libvirt.c
+++ b/src/libvirt.c
@@ -54,9 +54,6 @@
 #include "configmake.h"
 #include "virconf.h"
 #if WITH_GNUTLS
-# if WITH_GNUTLS_GCRYPT
-#  include <gcrypt.h>
-# endif
 # include "rpc/virnettlscontext.h"
 #endif
 #include "vircommand.h"
@@ -243,70 +240,6 @@ virWinsockInit(void)
 #endif
 
 
-#ifdef WITH_GNUTLS_GCRYPT
-static int
-virTLSMutexInit(void **priv)
-{
-    virMutexPtr lock = NULL;
-
-    if (VIR_ALLOC_QUIET(lock) < 0)
-        return ENOMEM;
-
-    if (virMutexInit(lock) < 0) {
-        VIR_FREE(lock);
-        return errno;
-    }
-
-    *priv = lock;
-    return 0;
-}
-
-
-static int
-virTLSMutexDestroy(void **priv)
-{
-    virMutexPtr lock = *priv;
-    virMutexDestroy(lock);
-    VIR_FREE(lock);
-    return 0;
-}
-
-
-static int
-virTLSMutexLock(void **priv)
-{
-    virMutexPtr lock = *priv;
-    virMutexLock(lock);
-    return 0;
-}
-
-
-static int
-virTLSMutexUnlock(void **priv)
-{
-    virMutexPtr lock = *priv;
-    virMutexUnlock(lock);
-    return 0;
-}
-
-
-static struct gcry_thread_cbs virTLSThreadImpl = {
-    /* GCRY_THREAD_OPTION_VERSION was added in gcrypt 1.4.2 */
-# ifdef GCRY_THREAD_OPTION_VERSION
-    (GCRY_THREAD_OPTION_PTHREAD | (GCRY_THREAD_OPTION_VERSION << 8)),
-# else
-    GCRY_THREAD_OPTION_PTHREAD,
-# endif
-    NULL,
-    virTLSMutexInit,
-    virTLSMutexDestroy,
-    virTLSMutexLock,
-    virTLSMutexUnlock,
-    NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
-};
-#endif /* WITH_GNUTLS_GCRYPT */
-
-
 static bool virGlobalError;
 static virOnceControl virGlobalOnce = VIR_ONCE_CONTROL_INITIALIZER;
 
@@ -330,22 +263,6 @@ virGlobalInit(void)
     }
 #endif
 
-#ifdef WITH_GNUTLS_GCRYPT
-    /*
-     * This sequence of API calls it copied exactly from
-     * gnutls 2.12.23 source lib/gcrypt/init.c, with
-     * exception that GCRYCTL_ENABLE_QUICK_RANDOM, is
-     * dropped
-     */
-    if (gcry_control(GCRYCTL_ANY_INITIALIZATION_P) == 0) {
-        gcry_control(GCRYCTL_SET_THREAD_CBS, &virTLSThreadImpl);
-        gcry_check_version(NULL);
-
-        gcry_control(GCRYCTL_DISABLE_SECMEM, NULL, 0);
-        gcry_control(GCRYCTL_INITIALIZATION_FINISHED, NULL, 0);
-    }
-#endif
-
     virLogSetFromEnv();
 
 #ifdef WITH_GNUTLS
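
Review bot: The subject says "Deprecate", but the `#ifdef WITH_GNUTLS_GCRYPT` block in virGlobalInit and the virTLSMutex* thread callbacks are deleted outright, so "Remove" would describe the change accurately. Because the m4 part also stops adding `-lgcrypt` to GNUTLS_LIBS, it is worth confirming that nothing else in the tree still includes `<gcrypt.h>` or tests WITH_GNUTLS_GCRYPT.
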
-- 
2.16.1

[libvirt] [PATCH 5/8] Remove explicit check for gnutls_rnd
Posted by Ján Tomko, 1 week ago
Introduced in gnutls 2.12, but we require gnutls >= 3.2
Check added by commit <2d23d14>.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
---
 m4/virt-gnutls.m4    | 1 -
 src/util/vircrypto.c | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/m4/virt-gnutls.m4 b/m4/virt-gnutls.m4
index 35792c060f..8c720c0cd7 100644
--- a/m4/virt-gnutls.m4
+++ b/m4/virt-gnutls.m4
@@ -37,7 +37,6 @@ AC_DEFUN([LIBVIRT_CHECK_GNUTLS],[
       #include <gnutls/gnutls.h>
     ]])
 
-    AC_CHECK_FUNCS([gnutls_rnd])
     AC_CHECK_FUNCS([gnutls_cipher_encrypt])
     CFLAGS="$OLD_CFLAGS"
     LIBS="$OLD_LIBS"
diff --git a/src/util/vircrypto.c b/src/util/vircrypto.c
index d110adfe59..9bee04fcf9 100644
--- a/src/util/vircrypto.c
+++ b/src/util/vircrypto.c
@@ -336,7 +336,7 @@ virCryptoGenerateRandom(size_t nbytes)
     if (VIR_ALLOC_N(buf, nbytes) < 0)
         return NULL;
 
-#if HAVE_GNUTLS_RND
+#if WITH_GNUTLS
     /* Generate the byte stream using gnutls_rnd() if possible */
     if ((ret = gnutls_rnd(GNUTLS_RND_RANDOM, buf, nbytes)) < 0) {
         virReportError(VIR_ERR_INTERNAL_ERROR,
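
Review bot: The replacement guard in virCryptoGenerateRandom is `#if WITH_GNUTLS`, while the include guard at the top of this file is `#ifdef WITH_GNUTLS`. config-post.h can `# undef WITH_GNUTLS`, and `#if` on an undefined macro trips -Wundef, so `#ifdef` would be the safer and more consistent spelling. The context comment "using gnutls_rnd() if possible" is also stale once the function is assumed to exist whenever GnuTLS is enabled.
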
-- 
2.16.1

[libvirt] [PATCH 6/8] Remove explicit check for gnutls_cipher_encrypt
Posted by Ján Tomko, 1 week ago
Introduced in gnutls 2.10, and we assume >= 3.2.

Commit 1ce9c08a added this check.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
---
 m4/virt-gnutls.m4        | 1 -
 src/util/vircrypto.c     | 4 ++--
 tests/qemuxml2argvtest.c | 8 ++++----
 3 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/m4/virt-gnutls.m4 b/m4/virt-gnutls.m4
index 8c720c0cd7..f25cfb60f7 100644
--- a/m4/virt-gnutls.m4
+++ b/m4/virt-gnutls.m4
@@ -37,7 +37,6 @@ AC_DEFUN([LIBVIRT_CHECK_GNUTLS],[
       #include <gnutls/gnutls.h>
     ]])
 
-    AC_CHECK_FUNCS([gnutls_cipher_encrypt])
     CFLAGS="$OLD_CFLAGS"
     LIBS="$OLD_LIBS"
   fi
diff --git a/src/util/vircrypto.c b/src/util/vircrypto.c
index 9bee04fcf9..d789129a86 100644
--- a/src/util/vircrypto.c
+++ b/src/util/vircrypto.c
@@ -131,7 +131,7 @@ virCryptoHaveCipher(virCryptoCipher algorithm)
     switch (algorithm) {
 
     case VIR_CRYPTO_CIPHER_AES256CBC:
-#ifdef HAVE_GNUTLS_CIPHER_ENCRYPT
+#ifdef WITH_GNUTLS
     return true;
 #else
     return false;
@@ -146,7 +146,7 @@ virCryptoHaveCipher(virCryptoCipher algorithm)
 }
 
 
-#ifdef HAVE_GNUTLS_CIPHER_ENCRYPT
+#ifdef WITH_GNUTLS
 /* virCryptoEncryptDataAESgntuls:
  *
  * Performs the AES gnutls encryption
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index d4d64b0d21..eb41c27767 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -1024,7 +1024,7 @@ mymain(void)
     DO_TEST("disk-drive-network-sheepdog", NONE);
     DO_TEST("disk-drive-network-rbd-auth", NONE);
     DO_TEST("disk-drive-network-source-auth", NONE);
-# ifdef HAVE_GNUTLS_CIPHER_ENCRYPT
+# ifdef WITH_GNUTLS
     DO_TEST("disk-drive-network-rbd-auth-AES",
             QEMU_CAPS_OBJECT_SECRET, QEMU_CAPS_VIRTIO_SCSI);
 # endif
@@ -1320,7 +1320,7 @@ mymain(void)
     if (VIR_STRDUP_QUIET(driver.config->chardevTLSx509secretUUID,
                          "6fd3f62d-9fe7-4a4e-a869-7acd6376d8ea") < 0)
         return EXIT_FAILURE;
-# ifdef HAVE_GNUTLS_CIPHER_ENCRYPT
+# ifdef WITH_GNUTLS
     DO_TEST("serial-tcp-tlsx509-secret-chardev",
             QEMU_CAPS_OBJECT_SECRET,
             QEMU_CAPS_DEVICE_ISA_SERIAL,
@@ -1617,7 +1617,7 @@ mymain(void)
 
     DO_TEST("encrypted-disk", NONE);
     DO_TEST("encrypted-disk-usage", NONE);
-# ifdef HAVE_GNUTLS_CIPHER_ENCRYPT
+# ifdef WITH_GNUTLS
     DO_TEST("luks-disks", QEMU_CAPS_OBJECT_SECRET);
     DO_TEST("luks-disks-source", QEMU_CAPS_OBJECT_SECRET);
     DO_TEST_PARSE_ERROR("luks-disks-source-qcow2", QEMU_CAPS_OBJECT_SECRET);
@@ -2310,7 +2310,7 @@ mymain(void)
     DO_TEST("hostdev-scsi-virtio-iscsi-auth",
             QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_VIRTIO_SCSI,
             QEMU_CAPS_DEVICE_SCSI_GENERIC);
-# ifdef HAVE_GNUTLS_CIPHER_ENCRYPT
+# ifdef WITH_GNUTLS
     DO_TEST("disk-hostdev-scsi-virtio-iscsi-auth-AES",
             QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_VIRTIO_SCSI,
             QEMU_CAPS_DEVICE_SCSI_GENERIC, QEMU_CAPS_OBJECT_SECRET,
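
Review bot: The four `# ifdef WITH_GNUTLS` guards in mymain compile the AES secret, TLS chardev and LUKS cases out with no trace in the test output, whereas patch 2 makes vircryptotest and virfilecachetest report EXIT_AM_SKIP. With the guard now tied to the whole GnuTLS feature rather than one function, a build without GnuTLS quietly runs a smaller suite; a comment or a logged skip for these cases would make the reduced coverage visible.
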
-- 
2.16.1

[libvirt] [PATCH 7/8] Fix indentation in virCryptoHaveCipher
Posted by Ján Tomko, 1 week ago
Signed-off-by: Ján Tomko <jtomko@redhat.com>
---
 src/util/vircrypto.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/util/vircrypto.c b/src/util/vircrypto.c
index d789129a86..2118fdba22 100644
--- a/src/util/vircrypto.c
+++ b/src/util/vircrypto.c
@@ -132,9 +132,9 @@ virCryptoHaveCipher(virCryptoCipher algorithm)
 
     case VIR_CRYPTO_CIPHER_AES256CBC:
 #ifdef WITH_GNUTLS
-    return true;
+        return true;
 #else
-    return false;
+        return false;
 #endif
 
     case VIR_CRYPTO_CIPHER_NONE:
-- 
2.16.1

[libvirt] [PATCH 8/8] Remove check for gnutls/crypto.h
Posted by Ján Tomko, 1 week ago
Assume its presence for gnutls >= 3.2.

Check introduced by <commit 7d21d6b>.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
---
 m4/virt-gnutls.m4          | 13 -------------
 src/rpc/virnettlscontext.c |  4 +---
 src/util/vircrypto.c       |  4 +---
 3 files changed, 2 insertions(+), 19 deletions(-)

diff --git a/m4/virt-gnutls.m4 b/m4/virt-gnutls.m4
index f25cfb60f7..426a1a0348 100644
--- a/m4/virt-gnutls.m4
+++ b/m4/virt-gnutls.m4
@@ -27,19 +27,6 @@ AC_DEFUN([LIBVIRT_CHECK_GNUTLS],[
   dnl Require gnutls >= 3.2.0 because of 3.2.11 in Ubuntu 14.04
   dnl That should have all the functions we use (in >= 2.12)
   dnl and also use nettle, because it's >= 3.0
-
-  if test "$with_gnutls" = "yes" ; then
-    OLD_CFLAGS="$CFLAGS"
-    OLD_LIBS="$LIBS"
-    CFLAGS="$CFLAGS $GNUTLS_CFLAGS"
-    LIBS="$LIBS $GNUTLS_LIBS"
-    AC_CHECK_HEADERS([gnutls/crypto.h], [], [], [[
-      #include <gnutls/gnutls.h>
-    ]])
-
-    CFLAGS="$OLD_CFLAGS"
-    LIBS="$OLD_LIBS"
-  fi
 ])
 
 AC_DEFUN([LIBVIRT_RESULT_GNUTLS],[
diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c
index 2c46aebf31..97b74de89e 100644
--- a/src/rpc/virnettlscontext.c
+++ b/src/rpc/virnettlscontext.c
@@ -25,9 +25,7 @@
 #include <stdlib.h>
 
 #include <gnutls/gnutls.h>
-#if HAVE_GNUTLS_CRYPTO_H
-# include <gnutls/crypto.h>
-#endif
+#include <gnutls/crypto.h>
 #include <gnutls/x509.h>
 
 #include "virnettlscontext.h"
diff --git a/src/util/vircrypto.c b/src/util/vircrypto.c
index 2118fdba22..bbc2a01f22 100644
--- a/src/util/vircrypto.c
+++ b/src/util/vircrypto.c
@@ -28,9 +28,7 @@
 
 #ifdef WITH_GNUTLS
 # include <gnutls/gnutls.h>
-# if HAVE_GNUTLS_CRYPTO_H
-#  include <gnutls/crypto.h>
-# endif
+# include <gnutls/crypto.h>
 #endif
 
 VIR_LOG_INIT("util.crypto");
-- 
2.16.1
