[PATCH v6 02/28] crypto/x509-utils: Refactor with GNUTLS fallback

Zhuoying Cai posted 28 patches 1 month, 4 weeks ago
Maintainers: "Daniel P. Berrangé" <berrange@redhat.com>, Thomas Huth <thuth@redhat.com>, Richard Henderson <richard.henderson@linaro.org>, David Hildenbrand <david@redhat.com>, Ilya Leoshkevich <iii@linux.ibm.com>, Halil Pasic <pasic@linux.ibm.com>, Christian Borntraeger <borntraeger@linux.ibm.com>, Eric Farman <farman@linux.ibm.com>, Matthew Rosato <mjrosato@linux.ibm.com>, Jared Rossi <jrossi@linux.ibm.com>, Zhuoying Cai <zycai@linux.ibm.com>, Jason Herne <jjherne@linux.ibm.com>, Eric Blake <eblake@redhat.com>, Markus Armbruster <armbru@redhat.com>
[PATCH v6 02/28] crypto/x509-utils: Refactor with GNUTLS fallback
Posted by Zhuoying Cai 1 month, 4 weeks ago
Always compile x509-utils.c and add a fallback when GNUTLS is
unavailable.

Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
---
 crypto/meson.build  |  5 +----
 crypto/x509-utils.c | 16 ++++++++++++++++
 2 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/crypto/meson.build b/crypto/meson.build
index 735635de1f..0614bfa914 100644
--- a/crypto/meson.build
+++ b/crypto/meson.build
@@ -22,12 +22,9 @@ crypto_ss.add(files(
   'tlscredsx509.c',
   'tlssession.c',
   'rsakey.c',
+  'x509-utils.c',
 ))
 
-if gnutls.found()
-  crypto_ss.add(files('x509-utils.c'))
-endif
-
 if nettle.found()
   crypto_ss.add(nettle, files('hash-nettle.c', 'hmac-nettle.c', 'pbkdf-nettle.c'))
   if hogweed.found()
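
Review bot: the 'x509-utils.c' entry added to the unconditional files() list means this object is now built even when gnutls.found() is false, but the commit message does not say which caller needs the symbol in that configuration. Name the consumer in the commit message so the unconditional build has a stated reason and is not later reverted as dead code.
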
diff --git a/crypto/x509-utils.c b/crypto/x509-utils.c
index 39bb6d4d8c..6176a88653 100644
--- a/crypto/x509-utils.c
+++ b/crypto/x509-utils.c
@@ -11,6 +11,8 @@
 #include "qemu/osdep.h"
 #include "qapi/error.h"
 #include "crypto/x509-utils.h"
+
+#ifdef CONFIG_GNUTLS
 #include <gnutls/gnutls.h>
 #include <gnutls/crypto.h>
 #include <gnutls/x509.h>
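
Review bot: with "#ifdef CONFIG_GNUTLS" opening directly above the gnutls includes, everything from here down to the "#else" at the end of the file is compiled out without GNUTLS, so every function later added inside this guard needs a matching stub in the "#else" branch or the non-GNUTLS build will fail to link. A one-line comment at the "#ifdef" stating that rule would help anyone extending this file.
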
@@ -78,3 +80,17 @@ int qcrypto_get_x509_cert_fingerprint(uint8_t *cert, size_t size,
     gnutls_x509_crt_deinit(crt);
     return ret;
 }
+
+#else /* ! CONFIG_GNUTLS */
+
+int qcrypto_get_x509_cert_fingerprint(uint8_t *cert, size_t size,
+                                      QCryptoHashAlgo hash,
+                                      uint8_t *result,
+                                      size_t *resultlen,
+                                      Error **errp)
+{
+    error_setg(errp, "GNUTLS is required to get fingerprint");
+    return -1;
+}
+
+#endif /* ! CONFIG_GNUTLS */
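
Review bot: the stub in the "#else" branch returns -1 with errp set but never writes to result or *resultlen, so a caller that skips the return-value check would go on to use whatever was already in its buffer as a fingerprint. Document in crypto/x509-utils.h that the call always fails in builds without CONFIG_GNUTLS and that the outputs are not valid on failure, so callers treat it as a hard error. The error text could also name the operation more precisely, for example "GNUTLS is required to get X.509 certificate fingerprint".
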
-- 
2.50.1
Re: [PATCH v6 02/28] crypto/x509-utils: Refactor with GNUTLS fallback
Posted by Daniel P. Berrangé 1 month, 1 week ago
On Wed, Sep 17, 2025 at 07:21:04PM -0400, Zhuoying Cai wrote:
> Always compile x509-utils.c and add a fallback when GNUTLS is
> unavailable.
> 
> Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
> ---
>  crypto/meson.build  |  5 +----
>  crypto/x509-utils.c | 16 ++++++++++++++++
>  2 files changed, 17 insertions(+), 4 deletions(-)

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Acked-by: Daniel P. Berrangé <berrange@redhat.com>

 

With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|


Re: [PATCH v6 02/28] crypto/x509-utils: Refactor with GNUTLS fallback
Posted by Thomas Huth 1 month, 2 weeks ago
On 18/09/2025 01.21, Zhuoying Cai wrote:
> Always compile x509-utils.c and add a fallback when GNUTLS is
> unavailable.

Maybe add some rationale to the description, like "we are going to need 
these functions in the s390x code even if GNUTLS is not available" or so?

  Thomas

> Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
> ---
>   crypto/meson.build  |  5 +----
>   crypto/x509-utils.c | 16 ++++++++++++++++
>   2 files changed, 17 insertions(+), 4 deletions(-)
> 
> diff --git a/crypto/meson.build b/crypto/meson.build
> index 735635de1f..0614bfa914 100644
> --- a/crypto/meson.build
> +++ b/crypto/meson.build
> @@ -22,12 +22,9 @@ crypto_ss.add(files(
>     'tlscredsx509.c',
>     'tlssession.c',
>     'rsakey.c',
> +  'x509-utils.c',
>   ))
>   
> -if gnutls.found()
> -  crypto_ss.add(files('x509-utils.c'))
> -endif
> -
>   if nettle.found()
>     crypto_ss.add(nettle, files('hash-nettle.c', 'hmac-nettle.c', 'pbkdf-nettle.c'))
>     if hogweed.found()
> diff --git a/crypto/x509-utils.c b/crypto/x509-utils.c
> index 39bb6d4d8c..6176a88653 100644
> --- a/crypto/x509-utils.c
> +++ b/crypto/x509-utils.c
> @@ -11,6 +11,8 @@
>   #include "qemu/osdep.h"
>   #include "qapi/error.h"
>   #include "crypto/x509-utils.h"
> +
> +#ifdef CONFIG_GNUTLS
>   #include <gnutls/gnutls.h>
>   #include <gnutls/crypto.h>
>   #include <gnutls/x509.h>
> @@ -78,3 +80,17 @@ int qcrypto_get_x509_cert_fingerprint(uint8_t *cert, size_t size,
>       gnutls_x509_crt_deinit(crt);
>       return ret;
>   }
> +
> +#else /* ! CONFIG_GNUTLS */
> +
> +int qcrypto_get_x509_cert_fingerprint(uint8_t *cert, size_t size,
> +                                      QCryptoHashAlgo hash,
> +                                      uint8_t *result,
> +                                      size_t *resultlen,
> +                                      Error **errp)
> +{
> +    error_setg(errp, "GNUTLS is required to get fingerprint");
> +    return -1;
> +}
> +
> +#endif /* ! CONFIG_GNUTLS */
Re: [PATCH v6 02/28] crypto/x509-utils: Refactor with GNUTLS fallback
Posted by Farhan Ali 1 month, 3 weeks ago
Reviewed-by: Farhan Ali <alifm@linux.ibm.com>

On 9/17/2025 4:21 PM, Zhuoying Cai wrote:
> Always compile x509-utils.c and add a fallback when GNUTLS is
> unavailable.
>
> Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
> ---
>   crypto/meson.build  |  5 +----
>   crypto/x509-utils.c | 16 ++++++++++++++++
>   2 files changed, 17 insertions(+), 4 deletions(-)
>
> diff --git a/crypto/meson.build b/crypto/meson.build
> index 735635de1f..0614bfa914 100644
> --- a/crypto/meson.build
> +++ b/crypto/meson.build
> @@ -22,12 +22,9 @@ crypto_ss.add(files(
>     'tlscredsx509.c',
>     'tlssession.c',
>     'rsakey.c',
> +  'x509-utils.c',
>   ))
>   
> -if gnutls.found()
> -  crypto_ss.add(files('x509-utils.c'))
> -endif
> -
>   if nettle.found()
>     crypto_ss.add(nettle, files('hash-nettle.c', 'hmac-nettle.c', 'pbkdf-nettle.c'))
>     if hogweed.found()
> diff --git a/crypto/x509-utils.c b/crypto/x509-utils.c
> index 39bb6d4d8c..6176a88653 100644
> --- a/crypto/x509-utils.c
> +++ b/crypto/x509-utils.c
> @@ -11,6 +11,8 @@
>   #include "qemu/osdep.h"
>   #include "qapi/error.h"
>   #include "crypto/x509-utils.h"
> +
> +#ifdef CONFIG_GNUTLS
>   #include <gnutls/gnutls.h>
>   #include <gnutls/crypto.h>
>   #include <gnutls/x509.h>
> @@ -78,3 +80,17 @@ int qcrypto_get_x509_cert_fingerprint(uint8_t *cert, size_t size,
>       gnutls_x509_crt_deinit(crt);
>       return ret;
>   }
> +
> +#else /* ! CONFIG_GNUTLS */
> +
> +int qcrypto_get_x509_cert_fingerprint(uint8_t *cert, size_t size,
> +                                      QCryptoHashAlgo hash,
> +                                      uint8_t *result,
> +                                      size_t *resultlen,
> +                                      Error **errp)
> +{
> +    error_setg(errp, "GNUTLS is required to get fingerprint");
> +    return -1;
> +}
> +
> +#endif /* ! CONFIG_GNUTLS */