[libvirt] [PATCH 0/8] GnuTLS fixes and requirements
The first two patches fix the build and tests without GnuTLS. The third requires GnuTLS 3.2.0 or newer. That means we don't have to worry about gnutls_hash_fast not being present (introduced in GnuTLS 2.10.0). The rest of the patches cleans up the code that deals with older GnuTLS. Ján Tomko (8): virCryptoHashBuf: return the length of the hash in bytes Skip vircryptotest and virfilecachetest without gnutls Require GnuTLS >= 3.2.0 Deprecate GNUTLS_GCRYPT Remove explicit check for gnutls_rnd Remove explicit check for gnutls_cipher_encrypt Fix indentation in virCryptoHaveCipher Remove check for gnutls/crypto.h config-post.h | 2 -- m4/virt-gnutls.m4 | 50 +++------------------------- src/libvirt.c | 83 ---------------------------------------------- src/rpc/virnettlscontext.c | 4 +-- src/util/vircrypto.c | 28 ++++++++-------- src/util/vircrypto.h | 2 +- tests/qemuxml2argvtest.c | 8 ++--- tests/vircryptotest.c | 26 ++++++++++----- tests/virfilecachetest.c | 19 ++++++++--- 9 files changed, 58 insertions(+), 164 deletions(-) -- 2.16.1
virCryptoHashString also needs to know the size of the returned hash. Return it if the hash conversion succeeded so the caller does not need to access the hashinfo array. This should make virCryptoHashString build without gnutls. Also fixes the missing return value for the virCryptoHashBuf stub. Signed-off-by: Ján Tomko <jtomko@redhat.com> Suggested-by: Stefan Berger <stefanb@linux.vnet.ibm.com> --- src/util/vircrypto.c | 14 ++++++++------ src/util/vircrypto.h | 2 +- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/src/util/vircrypto.c b/src/util/vircrypto.c index 62a027353b..d110adfe59 100644 --- a/src/util/vircrypto.c +++ b/src/util/vircrypto.c @@ -54,7 +54,7 @@ struct virHashInfo { verify(ARRAY_CARDINALITY(hashinfo) == VIR_CRYPTO_HASH_LAST); -int +ssize_t virCryptoHashBuf(virCryptoHash hash, const char *input, unsigned char *output) @@ -74,16 +74,17 @@ virCryptoHashBuf(virCryptoHash hash, return -1; } - return 0; + return hashinfo[hash].hashlen; } #else -int +ssize_t virCryptoHashBuf(virCryptoHash hash, const char *input ATTRIBUTE_UNUSED, unsigned char *output ATTRIBUTE_UNUSED) { virReportError(VIR_ERR_INVALID_ARG, _("algorithm=%d is not supported"), hash); + return -1; } #endif @@ -93,18 +94,19 @@ virCryptoHashString(virCryptoHash hash, char **output) { unsigned char buf[VIR_CRYPTO_LARGEST_DIGEST_SIZE]; + ssize_t rc; size_t hashstrlen; size_t i; - if (virCryptoHashBuf(hash, input, buf) < 0) + if ((rc = virCryptoHashBuf(hash, input, buf)) < 0) return -1; - hashstrlen = (hashinfo[hash].hashlen * 2) + 1; + hashstrlen = (rc * 2) + 1; if (VIR_ALLOC_N(*output, hashstrlen) < 0) return -1; - for (i = 0; i < hashinfo[hash].hashlen; i++) { + for (i = 0; i < rc; i++) { (*output)[i * 2] = hex[(buf[i] >> 4) & 0xf]; (*output)[(i * 2) + 1] = hex[buf[i] & 0xf]; } diff --git a/src/util/vircrypto.h b/src/util/vircrypto.h index 64984006be..9b5dada53d 100644 --- a/src/util/vircrypto.h +++ b/src/util/vircrypto.h @@ -41,7 +41,7 @@ typedef enum { VIR_CRYPTO_CIPHER_LAST } virCryptoCipher; -int +ssize_t virCryptoHashBuf(virCryptoHash hash, const char *input, unsigned char *output) -- 2.16.1
Fix make check without gnutls. Signed-off-by: Ján Tomko <jtomko@redhat.com> --- tests/vircryptotest.c | 26 ++++++++++++++++++-------- tests/virfilecachetest.c | 19 +++++++++++++++---- 2 files changed, 33 insertions(+), 12 deletions(-) diff --git a/tests/vircryptotest.c b/tests/vircryptotest.c index e24834c16e..d9ffc6f34c 100644 --- a/tests/vircryptotest.c +++ b/tests/vircryptotest.c @@ -20,12 +20,13 @@ #include <config.h> -#include "vircrypto.h" -#include "virrandom.h" - #include "testutils.h" -#define VIR_FROM_THIS VIR_FROM_NONE +#if WITH_GNUTLS +# include "vircrypto.h" +# include "virrandom.h" + +# define VIR_FROM_THIS VIR_FROM_NONE struct testCryptoHashData { virCryptoHash hash; @@ -129,7 +130,7 @@ mymain(void) 0x1b, 0x8c, 0x3f, 0x48, 0x27, 0xae, 0xb6, 0x7a}; -#define VIR_CRYPTO_HASH(h, i, o) \ +# define VIR_CRYPTO_HASH(h, i, o) \ do { \ struct testCryptoHashData data = { \ .hash = h, \ @@ -152,9 +153,9 @@ mymain(void) VIR_CRYPTO_HASH(VIR_CRYPTO_HASH_MD5, "The quick brown fox", "a2004f37730b9445670a738fa0fc9ee5"); VIR_CRYPTO_HASH(VIR_CRYPTO_HASH_SHA256, "The quick brown fox", "5cac4f980fedc3d3f1f99b4be3472c9b30d56523e632d151237ec9309048bda9"); -#undef VIR_CRYPTO_HASH +# undef VIR_CRYPTO_HASH -#define VIR_CRYPTO_ENCRYPT(a, n, i, il, c, cl) \ +# define VIR_CRYPTO_ENCRYPT(a, n, i, il, c, cl) \ do { \ struct testCryptoEncryptData data = { \ .algorithm = a, \ @@ -173,10 +174,19 @@ mymain(void) VIR_CRYPTO_ENCRYPT(VIR_CRYPTO_CIPHER_AES256CBC, "aes265cbc", secretdata, 7, expected_ciphertext, 16); -#undef VIR_CRYPTO_ENCRYPT +# undef VIR_CRYPTO_ENCRYPT return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; } /* Forces usage of not so random virRandomBytes */ VIR_TEST_MAIN_PRELOAD(mymain, abs_builddir "/.libs/virrandommock.so") +#else +static int +mymain(void) +{ + return EXIT_AM_SKIP; +} + +VIR_TEST_MAIN(mymain); +#endif /* WITH_GNUTLS */ diff --git a/tests/virfilecachetest.c b/tests/virfilecachetest.c index 3c55cd1e02..44386742e1 100644 --- a/tests/virfilecachetest.c +++ b/tests/virfilecachetest.c @@ -20,11 +20,13 @@ #include <config.h> #include "testutils.h" -#include "virfile.h" -#include "virfilecache.h" +#if WITH_GNUTLS +# include "virfile.h" +# include "virfilecache.h" -#define VIR_FROM_THIS VIR_FROM_NONE + +# define VIR_FROM_THIS VIR_FROM_NONE struct _testFileCacheObj { @@ -212,7 +214,7 @@ mymain(void) virFileCacheSetPriv(cache, &testPriv); -#define TEST_RUN(name, newData, expectData, expectSave) \ +# define TEST_RUN(name, newData, expectData, expectSave) \ do { \ testFileCacheData data = { \ cache, name, newData, expectData, expectSave \ @@ -233,3 +235,12 @@ mymain(void) } VIR_TEST_MAIN_PRELOAD(mymain, abs_builddir "/.libs/virfilecachemock.so") +#else +static int +mymain(void) +{ + return EXIT_AM_SKIP; +} + +VIR_TEST_MAIN(mymain); +#endif /* WITH_GNUTLS */ -- 2.16.1
Ubuntu 14.04 which is not targetted as a supported platform [0] already has 3.2.11 [0] https://libvirt.org/platforms.html Signed-off-by: Ján Tomko <jtomko@redhat.com> --- m4/virt-gnutls.m4 | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/m4/virt-gnutls.m4 b/m4/virt-gnutls.m4 index e3869f75cc..13399ac766 100644 --- a/m4/virt-gnutls.m4 +++ b/m4/virt-gnutls.m4 @@ -18,11 +18,15 @@ dnl <http://www.gnu.org/licenses/>. dnl AC_DEFUN([LIBVIRT_ARG_GNUTLS],[ - LIBVIRT_ARG_WITH_FEATURE([GNUTLS], [gnutls], [check], [2.2.0]) + LIBVIRT_ARG_WITH_FEATURE([GNUTLS], [gnutls], [check], [3.2.0]) ]) AC_DEFUN([LIBVIRT_CHECK_GNUTLS],[ - LIBVIRT_CHECK_PKG([GNUTLS], [gnutls], [2.2.0]) + LIBVIRT_CHECK_PKG([GNUTLS], [gnutls], [3.2.0]) + + dnl Require gnutls >= 3.2.0 because of 3.2.11 in Ubuntu 14.04 + dnl That should have all the functions we use (in >= 2.12) + dnl and also use nettle, because it's >= 3.0 if test "$with_gnutls" = "yes" ; then dnl Double probe: gnutls >= 2.12 had a configure option for gcrypt and -- 2.16.1
Now that we assume GnuTLS >= 3.0, we can ditch gcrypt support. Introduced by <commit 6094b1f>. Signed-off-by: Ján Tomko <jtomko@redhat.com> --- config-post.h | 2 -- m4/virt-gnutls.m4 | 29 ------------------- src/libvirt.c | 83 ------------------------------------------------------- 3 files changed, 114 deletions(-) diff --git a/config-post.h b/config-post.h index f7eba0d7ca..063e30fa37 100644 --- a/config-post.h +++ b/config-post.h @@ -36,7 +36,6 @@ # undef WITH_DEVMAPPER # undef WITH_DTRACE_PROBES # undef WITH_GNUTLS -# undef WITH_GNUTLS_GCRYPT # undef WITH_LIBSSH # undef WITH_MACVTAP # undef WITH_NUMACTL @@ -62,7 +61,6 @@ # undef WITH_DEVMAPPER # undef WITH_DTRACE_PROBES # undef WITH_GNUTLS -# undef WITH_GNUTLS_GCRYPT # undef WITH_LIBSSH # undef WITH_MACVTAP # undef WITH_NUMACTL diff --git a/m4/virt-gnutls.m4 b/m4/virt-gnutls.m4 index 13399ac766..35792c060f 100644 --- a/m4/virt-gnutls.m4 +++ b/m4/virt-gnutls.m4 @@ -29,35 +29,6 @@ AC_DEFUN([LIBVIRT_CHECK_GNUTLS],[ dnl and also use nettle, because it's >= 3.0 if test "$with_gnutls" = "yes" ; then - dnl Double probe: gnutls >= 2.12 had a configure option for gcrypt and - dnl gnutls >= 3.0 uses only nettle. Our goal is to avoid gcrypt if we - dnl can prove gnutls uses nettle, but it is a safe fallback to use gcrypt - dnl if we can't prove anything. - - GNUTLS_GCRYPT= - if $PKG_CONFIG --exists 'gnutls >= 3.0'; then - GNUTLS_GCRYPT="no" - else - GNUTLS_GCRYPT="probe" - fi - - if test "$GNUTLS_GCRYPT" = "probe"; then - case $($PKG_CONFIG --libs --static gnutls) in - *gcrypt*) GNUTLS_GCRYPT=yes ;; - *nettle*) GNUTLS_GCRYPT=no ;; - *) GNUTLS_GCRYPT=unknown ;; - esac - fi - - if test "$GNUTLS_GCRYPT" = "yes" || test "$GNUTLS_GCRYPT" = "unknown"; then - GNUTLS_LIBS="$GNUTLS_LIBS -lgcrypt" - dnl We're not using gcrypt deprecated features so define - dnl GCRYPT_NO_DEPRECATED to avoid deprecated warnings - GNUTLS_CFLAGS="$GNUTLS_CFLAGS -DGCRYPT_NO_DEPRECATED" - AC_DEFINE_UNQUOTED([WITH_GNUTLS_GCRYPT], 1, - [set to 1 if it is known or assumed that GNUTLS uses gcrypt]) - fi - OLD_CFLAGS="$CFLAGS" OLD_LIBS="$LIBS" CFLAGS="$CFLAGS $GNUTLS_CFLAGS" diff --git a/src/libvirt.c b/src/libvirt.c index 0a81cbfb99..ffb002f4e1 100644 --- a/src/libvirt.c +++ b/src/libvirt.c @@ -54,9 +54,6 @@ #include "configmake.h" #include "virconf.h" #if WITH_GNUTLS -# if WITH_GNUTLS_GCRYPT -# include <gcrypt.h> -# endif # include "rpc/virnettlscontext.h" #endif #include "vircommand.h" @@ -243,70 +240,6 @@ virWinsockInit(void) #endif -#ifdef WITH_GNUTLS_GCRYPT -static int -virTLSMutexInit(void **priv) -{ - virMutexPtr lock = NULL; - - if (VIR_ALLOC_QUIET(lock) < 0) - return ENOMEM; - - if (virMutexInit(lock) < 0) { - VIR_FREE(lock); - return errno; - } - - *priv = lock; - return 0; -} - - -static int -virTLSMutexDestroy(void **priv) -{ - virMutexPtr lock = *priv; - virMutexDestroy(lock); - VIR_FREE(lock); - return 0; -} - - -static int -virTLSMutexLock(void **priv) -{ - virMutexPtr lock = *priv; - virMutexLock(lock); - return 0; -} - - -static int -virTLSMutexUnlock(void **priv) -{ - virMutexPtr lock = *priv; - virMutexUnlock(lock); - return 0; -} - - -static struct gcry_thread_cbs virTLSThreadImpl = { - /* GCRY_THREAD_OPTION_VERSION was added in gcrypt 1.4.2 */ -# ifdef GCRY_THREAD_OPTION_VERSION - (GCRY_THREAD_OPTION_PTHREAD | (GCRY_THREAD_OPTION_VERSION << 8)), -# else - GCRY_THREAD_OPTION_PTHREAD, -# endif - NULL, - virTLSMutexInit, - virTLSMutexDestroy, - virTLSMutexLock, - virTLSMutexUnlock, - NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL -}; -#endif /* WITH_GNUTLS_GCRYPT */ - - static bool virGlobalError; static virOnceControl virGlobalOnce = VIR_ONCE_CONTROL_INITIALIZER; @@ -330,22 +263,6 @@ virGlobalInit(void) } #endif -#ifdef WITH_GNUTLS_GCRYPT - /* - * This sequence of API calls it copied exactly from - * gnutls 2.12.23 source lib/gcrypt/init.c, with - * exception that GCRYCTL_ENABLE_QUICK_RANDOM, is - * dropped - */ - if (gcry_control(GCRYCTL_ANY_INITIALIZATION_P) == 0) { - gcry_control(GCRYCTL_SET_THREAD_CBS, &virTLSThreadImpl); - gcry_check_version(NULL); - - gcry_control(GCRYCTL_DISABLE_SECMEM, NULL, 0); - gcry_control(GCRYCTL_INITIALIZATION_FINISHED, NULL, 0); - } -#endif - virLogSetFromEnv(); #ifdef WITH_GNUTLS -- 2.16.1
Introduced in gnutls 2.12, but we require gnutls >= 3.2 Check added by commit <2d23d14>. Signed-off-by: Ján Tomko <jtomko@redhat.com> --- m4/virt-gnutls.m4 | 1 - src/util/vircrypto.c | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/m4/virt-gnutls.m4 b/m4/virt-gnutls.m4 index 35792c060f..8c720c0cd7 100644 --- a/m4/virt-gnutls.m4 +++ b/m4/virt-gnutls.m4 @@ -37,7 +37,6 @@ AC_DEFUN([LIBVIRT_CHECK_GNUTLS],[ #include <gnutls/gnutls.h> ]]) - AC_CHECK_FUNCS([gnutls_rnd]) AC_CHECK_FUNCS([gnutls_cipher_encrypt]) CFLAGS="$OLD_CFLAGS" LIBS="$OLD_LIBS" diff --git a/src/util/vircrypto.c b/src/util/vircrypto.c index d110adfe59..9bee04fcf9 100644 --- a/src/util/vircrypto.c +++ b/src/util/vircrypto.c @@ -336,7 +336,7 @@ virCryptoGenerateRandom(size_t nbytes) if (VIR_ALLOC_N(buf, nbytes) < 0) return NULL; -#if HAVE_GNUTLS_RND +#if WITH_GNUTLS /* Generate the byte stream using gnutls_rnd() if possible */ if ((ret = gnutls_rnd(GNUTLS_RND_RANDOM, buf, nbytes)) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, -- 2.16.1
Introduced in gnutls 2.10, and we assume >= 3.2. Commit 1ce9c08a added this check. Signed-off-by: Ján Tomko <jtomko@redhat.com> --- m4/virt-gnutls.m4 | 1 - src/util/vircrypto.c | 4 ++-- tests/qemuxml2argvtest.c | 8 ++++---- 3 files changed, 6 insertions(+), 7 deletions(-) diff --git a/m4/virt-gnutls.m4 b/m4/virt-gnutls.m4 index 8c720c0cd7..f25cfb60f7 100644 --- a/m4/virt-gnutls.m4 +++ b/m4/virt-gnutls.m4 @@ -37,7 +37,6 @@ AC_DEFUN([LIBVIRT_CHECK_GNUTLS],[ #include <gnutls/gnutls.h> ]]) - AC_CHECK_FUNCS([gnutls_cipher_encrypt]) CFLAGS="$OLD_CFLAGS" LIBS="$OLD_LIBS" fi diff --git a/src/util/vircrypto.c b/src/util/vircrypto.c index 9bee04fcf9..d789129a86 100644 --- a/src/util/vircrypto.c +++ b/src/util/vircrypto.c @@ -131,7 +131,7 @@ virCryptoHaveCipher(virCryptoCipher algorithm) switch (algorithm) { case VIR_CRYPTO_CIPHER_AES256CBC: -#ifdef HAVE_GNUTLS_CIPHER_ENCRYPT +#ifdef WITH_GNUTLS return true; #else return false; @@ -146,7 +146,7 @@ virCryptoHaveCipher(virCryptoCipher algorithm) } -#ifdef HAVE_GNUTLS_CIPHER_ENCRYPT +#ifdef WITH_GNUTLS /* virCryptoEncryptDataAESgntuls: * * Performs the AES gnutls encryption diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index d4d64b0d21..eb41c27767 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -1024,7 +1024,7 @@ mymain(void) DO_TEST("disk-drive-network-sheepdog", NONE); DO_TEST("disk-drive-network-rbd-auth", NONE); DO_TEST("disk-drive-network-source-auth", NONE); -# ifdef HAVE_GNUTLS_CIPHER_ENCRYPT +# ifdef WITH_GNUTLS DO_TEST("disk-drive-network-rbd-auth-AES", QEMU_CAPS_OBJECT_SECRET, QEMU_CAPS_VIRTIO_SCSI); # endif @@ -1320,7 +1320,7 @@ mymain(void) if (VIR_STRDUP_QUIET(driver.config->chardevTLSx509secretUUID, "6fd3f62d-9fe7-4a4e-a869-7acd6376d8ea") < 0) return EXIT_FAILURE; -# ifdef HAVE_GNUTLS_CIPHER_ENCRYPT +# ifdef WITH_GNUTLS DO_TEST("serial-tcp-tlsx509-secret-chardev", QEMU_CAPS_OBJECT_SECRET, QEMU_CAPS_DEVICE_ISA_SERIAL, @@ -1617,7 +1617,7 @@ mymain(void) DO_TEST("encrypted-disk", NONE); DO_TEST("encrypted-disk-usage", NONE); -# ifdef HAVE_GNUTLS_CIPHER_ENCRYPT +# ifdef WITH_GNUTLS DO_TEST("luks-disks", QEMU_CAPS_OBJECT_SECRET); DO_TEST("luks-disks-source", QEMU_CAPS_OBJECT_SECRET); DO_TEST_PARSE_ERROR("luks-disks-source-qcow2", QEMU_CAPS_OBJECT_SECRET); @@ -2310,7 +2310,7 @@ mymain(void) DO_TEST("hostdev-scsi-virtio-iscsi-auth", QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_DEVICE_SCSI_GENERIC); -# ifdef HAVE_GNUTLS_CIPHER_ENCRYPT +# ifdef WITH_GNUTLS DO_TEST("disk-hostdev-scsi-virtio-iscsi-auth-AES", QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_DEVICE_SCSI_GENERIC, QEMU_CAPS_OBJECT_SECRET, -- 2.16.1
Signed-off-by: Ján Tomko <jtomko@redhat.com> --- src/util/vircrypto.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/util/vircrypto.c b/src/util/vircrypto.c index d789129a86..2118fdba22 100644 --- a/src/util/vircrypto.c +++ b/src/util/vircrypto.c @@ -132,9 +132,9 @@ virCryptoHaveCipher(virCryptoCipher algorithm) case VIR_CRYPTO_CIPHER_AES256CBC: #ifdef WITH_GNUTLS - return true; + return true; #else - return false; + return false; #endif case VIR_CRYPTO_CIPHER_NONE: -- 2.16.1
Assume its presence for gnutls >= 3.2. Check introduced by <commit 7d21d6b>. Signed-off-by: Ján Tomko <jtomko@redhat.com> --- m4/virt-gnutls.m4 | 13 ------------- src/rpc/virnettlscontext.c | 4 +--- src/util/vircrypto.c | 4 +--- 3 files changed, 2 insertions(+), 19 deletions(-) diff --git a/m4/virt-gnutls.m4 b/m4/virt-gnutls.m4 index f25cfb60f7..426a1a0348 100644 --- a/m4/virt-gnutls.m4 +++ b/m4/virt-gnutls.m4 @@ -27,19 +27,6 @@ AC_DEFUN([LIBVIRT_CHECK_GNUTLS],[ dnl Require gnutls >= 3.2.0 because of 3.2.11 in Ubuntu 14.04 dnl That should have all the functions we use (in >= 2.12) dnl and also use nettle, because it's >= 3.0 - - if test "$with_gnutls" = "yes" ; then - OLD_CFLAGS="$CFLAGS" - OLD_LIBS="$LIBS" - CFLAGS="$CFLAGS $GNUTLS_CFLAGS" - LIBS="$LIBS $GNUTLS_LIBS" - AC_CHECK_HEADERS([gnutls/crypto.h], [], [], [[ - #include <gnutls/gnutls.h> - ]]) - - CFLAGS="$OLD_CFLAGS" - LIBS="$OLD_LIBS" - fi ]) AC_DEFUN([LIBVIRT_RESULT_GNUTLS],[ diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c index 2c46aebf31..97b74de89e 100644 --- a/src/rpc/virnettlscontext.c +++ b/src/rpc/virnettlscontext.c @@ -25,9 +25,7 @@ #include <stdlib.h> #include <gnutls/gnutls.h> -#if HAVE_GNUTLS_CRYPTO_H -# include <gnutls/crypto.h> -#endif +#include <gnutls/crypto.h> #include <gnutls/x509.h> #include "virnettlscontext.h" diff --git a/src/util/vircrypto.c b/src/util/vircrypto.c index 2118fdba22..bbc2a01f22 100644 --- a/src/util/vircrypto.c +++ b/src/util/vircrypto.c @@ -28,9 +28,7 @@ #ifdef WITH_GNUTLS # include <gnutls/gnutls.h> -# if HAVE_GNUTLS_CRYPTO_H -# include <gnutls/crypto.h> -# endif +# include <gnutls/crypto.h> #endif VIR_LOG_INIT("util.crypto"); -- 2.16.1
On 05/15/2018 02:03 PM, Ján Tomko wrote:
The first two patches fix the build and tests without GnuTLS. The third requires GnuTLS 3.2.0 or newer.
That means we don't have to worry about gnutls_hash_fast not being present (introduced in GnuTLS 2.10.0).
The rest of the patches cleans up the code that deals with older GnuTLS.
Ján Tomko (8): virCryptoHashBuf: return the length of the hash in bytes Skip vircryptotest and virfilecachetest without gnutls Require GnuTLS >= 3.2.0 Deprecate GNUTLS_GCRYPT Remove explicit check for gnutls_rnd Remove explicit check for gnutls_cipher_encrypt Fix indentation in virCryptoHaveCipher Remove check for gnutls/crypto.h
config-post.h | 2 -- m4/virt-gnutls.m4 | 50 +++------------------------- src/libvirt.c | 83 ---------------------------------------------- src/rpc/virnettlscontext.c | 4 +-- src/util/vircrypto.c | 28 ++++++++-------- src/util/vircrypto.h | 2 +- tests/qemuxml2argvtest.c | 8 ++--- tests/vircryptotest.c | 26 ++++++++++----- tests/virfilecachetest.c | 19 ++++++++--- 9 files changed, 58 insertions(+), 164 deletions(-)
ACK series. Michal
participants (2)
-
Ján Tomko -
Michal Privoznik