Our use of gnutls_rnd() is conditional on the availability of
the <gnutls/crypto.h> header file.
This check, however, turns out not to be strict enough, as there
are some versions of gnutls (e.g. 2.8.5 as available in CentOS 6)
that provide the header file but not the function itself, which
was introduced in 2.12.0.
Introduce an explicit check for the function itself.
---
Would qualify as a build breaker (see [1]) but I'd rather have
some feedback before pushing it.
[1]
https://ci.centos.org/view/libvirt-project/job/libvirt-daemon-build/syste...
configure.ac | 4 ++++
src/qemu/qemu_domain.c | 6 +++---
2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/configure.ac b/configure.ac
index 85fc6e1..360674f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1286,6 +1286,10 @@ if test "x$with_gnutls" != "xno"; then
#include <gnutls/gnutls.h>
]])
+ dnl gnutls_rnd() was introduced in 2.12, so just checking for the
+ dnl corresponding header is not enough: we have to check for it explicitly
+ AC_CHECK_FUNCS([gnutls_rnd])
+
with_gnutls=yes
fi
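Review bot: `AC_CHECK_FUNCS([gnutls_rnd])` is a link test that runs against whatever `LIBS` holds at this point, and the hunk does not show the gnutls link flags being added to it. If they are not in `LIBS` here, the probe fails on every host and `HAVE_GNUTLS_RND` is never defined, so the master key would silently come from the fallback path even where gnutls is new enough. Confirm the result in `config.log` on a host with gnutls 2.12.0 or later. The enclosing `if test "x$with_gnutls" != "xno"` block starts outside the hunk, so `LIBS` may already be set up earlier in it.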
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index fa7cfc9..55dcba8 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -635,8 +635,8 @@ qemuDomainGenerateRandomKey(size_t nbytes)
if (VIR_ALLOC_N(key, nbytes) < 0)
return NULL;
-#if HAVE_GNUTLS_CRYPTO_H
- /* Generate a master key using gnutls if possible */
+#if HAVE_GNUTLS_RND
+ /* Generate a master key using gnutls_rnd() if possible */
if ((ret = gnutls_rnd(GNUTLS_RND_RANDOM, key, nbytes)) < 0) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("failed to generate master key, ret=%d"), ret);
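Review bot: The call is now guarded by `#if HAVE_GNUTLS_RND`, but the include that declares gnutls_rnd() is outside this hunk and is presumably still guarded by `HAVE_GNUTLS_CRYPTO_H`. The function check is a link probe and does not verify a declaration, so the two macros are set independently. Check that `<gnutls/crypto.h>` is included whenever `HAVE_GNUTLS_RND` is defined; a one-line comment next to that include naming the dependency would keep the two guards from drifting apart. The body of qemuDomainGenerateRandomKey() starts before the hunk and continues after it.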
@@ -644,7 +644,7 @@ qemuDomainGenerateRandomKey(size_t nbytes)
return NULL;
}
#else
- /* If we don't have gnutls, we will generate a less cryptographically
+ /* If we don't have gnutls_rnd(), we will generate a less cryptographically
* strong master key from /dev/urandom.
*/
if ((ret = virRandomBytes(key, nbytes)) < 0) {
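Review bot: The fallback comment still calls the virRandomBytes() key "less cryptographically strong" without saying when a build ends up in this branch. After this change that includes every host whose gnutls predates 2.12.0; the commit message names 2.8.5 on CentOS 6. Name the threshold in the comment, e.g. `/* If we don't have gnutls_rnd() (gnutls older than 2.12.0), we will generate a less cryptographically`. The choice is made at compile time and nothing in the visible lines logs it, so an operator cannot tell from a running daemon which source produced the master key; a one-line debug message in this branch would make that auditable. The function body continues past the end of the hunk.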
--
2.5.5