qemu-patch-raspberry4

haraldwolff/qemu-patch-raspberry4

Fork 0

Commit graph

Author	SHA1	Message	Date
Daniel P. Berrange	91bfcdb01d	crypto: allow use of nettle/gcrypt to be selected explicitly Currently the choice of whether to use nettle or gcrypt is made based on what gnutls is linked to. There are times when it is desirable to be able to force build against a specific library. For example, if testing changes to QEMU's crypto code all 3 possible backends need to be checked regardless of what the local gnutls uses. It is also desirable to be able to enable nettle/gcrypt for cipher/hash algorithms, without enabling gnutls for TLS support. This gives two new configure flags, which allow the following possibilities Automatically determine nettle vs gcrypt from what gnutls links to (recommended to minimize number of crypto libraries linked to) ./configure Automatically determine nettle vs gcrypt based on which is installed ./configure --disable-gnutls Force use of nettle ./configure --enable-nettle Force use of gcrypt ./configure --enable-gcrypt Force use of built-in AES & crippled-DES ./configure --disable-nettle --disable-gcrypt Signed-off-by: Daniel P. Berrange <berrange@redhat.com>	2015-10-22 19:03:07 +01:00
Daniel P. Berrange	62893b67cd	crypto: add a gcrypt cipher implementation If we are linking to gnutls already and gnutls is built against gcrypt, then we should use gcrypt as a cipher backend in preference to our built-in backend. This will be used when linking against GNUTLS 1.x and many GNUTLS 2.x versions. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Message-Id: <1435770638-25715-6-git-send-email-berrange@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>	2015-07-08 13:11:01 +02:00
Daniel P. Berrange	ddbb0d0966	crypto: introduce new module for computing hash digests Introduce a new crypto/ directory that will (eventually) contain all the cryptographic related code. This initially defines a wrapper for initializing gnutls and for computing hashes with gnutls. The former ensures that gnutls is guaranteed to be initialized exactly once in QEMU regardless of CLI args. The block quorum code currently fails to initialize gnutls so it only works by luck, if VNC server TLS is not requested. The hash APIs avoids the need to litter the rest of the code with preprocessor checks and simplifies callers by allocating the correct amount of memory for the requested hash. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Message-Id: <1435770638-25715-2-git-send-email-berrange@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>	2015-07-07 12:04:07 +02:00

Author

SHA1

Message

Date

Daniel P. Berrange

91bfcdb01d

crypto: allow use of nettle/gcrypt to be selected explicitly

Currently the choice of whether to use nettle or gcrypt is
made based on what gnutls is linked to. There are times
when it is desirable to be able to force build against a
specific library. For example, if testing changes to QEMU's
crypto code all 3 possible backends need to be checked
regardless of what the local gnutls uses.

It is also desirable to be able to enable nettle/gcrypt
for cipher/hash algorithms, without enabling gnutls
for TLS support.

This gives two new configure flags, which allow the
following possibilities

Automatically determine nettle vs gcrypt from what
gnutls links to (recommended to minimize number of
crypto libraries linked to)

 ./configure

Automatically determine nettle vs gcrypt based on
which is installed

 ./configure --disable-gnutls

Force use of nettle

 ./configure --enable-nettle

Force use of gcrypt

 ./configure --enable-gcrypt

Force use of built-in AES & crippled-DES

 ./configure --disable-nettle --disable-gcrypt

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

2015-10-22 19:03:07 +01:00

Daniel P. Berrange

62893b67cd

crypto: add a gcrypt cipher implementation

If we are linking to gnutls already and gnutls is built against
gcrypt, then we should use gcrypt as a cipher backend in
preference to our built-in backend.

This will be used when linking against GNUTLS 1.x and many
GNUTLS 2.x versions.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <1435770638-25715-6-git-send-email-berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

2015-07-08 13:11:01 +02:00

Daniel P. Berrange

ddbb0d0966

crypto: introduce new module for computing hash digests

Introduce a new crypto/ directory that will (eventually) contain
all the cryptographic related code. This initially defines a
wrapper for initializing gnutls and for computing hashes with
gnutls. The former ensures that gnutls is guaranteed to be
initialized exactly once in QEMU regardless of CLI args. The
block quorum code currently fails to initialize gnutls so it
only works by luck, if VNC server TLS is not requested. The
hash APIs avoids the need to litter the rest of the code with
preprocessor checks and simplifies callers by allocating the
correct amount of memory for the requested hash.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <1435770638-25715-2-git-send-email-berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

2015-07-07 12:04:07 +02:00

3 commits