[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-commits] [qemu/qemu] 91bfcd: crypto: allow use of nettle/gcrypt to
From: |
GitHub |
Subject: |
[Qemu-commits] [qemu/qemu] 91bfcd: crypto: allow use of nettle/gcrypt to be selected ... |
Date: |
Fri, 23 Oct 2015 05:30:06 -0700 |
Branch: refs/heads/master
Home: https://github.com/qemu/qemu
Commit: 91bfcdb01d4869aa8f4cb67007827de63b8c2217
https://github.com/qemu/qemu/commit/91bfcdb01d4869aa8f4cb67007827de63b8c2217
Author: Daniel P. Berrange <address@hidden>
Date: 2015-10-22 (Thu, 22 Oct 2015)
Changed paths:
M configure
M crypto/cipher.c
M crypto/init.c
Log Message:
-----------
crypto: allow use of nettle/gcrypt to be selected explicitly
Currently the choice of whether to use nettle or gcrypt is
made based on what gnutls is linked to. There are times
when it is desirable to be able to force build against a
specific library. For example, if testing changes to QEMU's
crypto code all 3 possible backends need to be checked
regardless of what the local gnutls uses.
It is also desirable to be able to enable nettle/gcrypt
for cipher/hash algorithms, without enabling gnutls
for TLS support.
This gives two new configure flags, which allow the
following possibilities
Automatically determine nettle vs gcrypt from what
gnutls links to (recommended to minimize number of
crypto libraries linked to)
./configure
Automatically determine nettle vs gcrypt based on
which is installed
./configure --disable-gnutls
Force use of nettle
./configure --enable-nettle
Force use of gcrypt
./configure --enable-gcrypt
Force use of built-in AES & crippled-DES
./configure --disable-nettle --disable-gcrypt
Signed-off-by: Daniel P. Berrange <address@hidden>
Commit: eb2a770b178b9040c3fc04ee31dc38d1775db09a
https://github.com/qemu/qemu/commit/eb2a770b178b9040c3fc04ee31dc38d1775db09a
Author: Daniel P. Berrange <address@hidden>
Date: 2015-10-22 (Thu, 22 Oct 2015)
Changed paths:
M crypto/cipher-builtin.c
M tests/test-crypto-cipher.c
Log Message:
-----------
crypto: don't let builtin aes crash if no IV is provided
If no IV is provided, then use a default IV of all-zeros
instead of crashing. This gives parity with gcrypt and
nettle backends.
Signed-off-by: Daniel P. Berrange <address@hidden>
Commit: 3a661f1eabf7e8db66e28489884d9b54aacb94ea
https://github.com/qemu/qemu/commit/3a661f1eabf7e8db66e28489884d9b54aacb94ea
Author: Daniel P. Berrange <address@hidden>
Date: 2015-10-22 (Thu, 22 Oct 2015)
Changed paths:
M crypto/cipher-builtin.c
M crypto/cipher-gcrypt.c
M crypto/cipher-nettle.c
M tests/test-crypto-cipher.c
Log Message:
-----------
crypto: add sanity checking of plaintext/ciphertext length
When encrypting/decrypting data, the plaintext/ciphertext
buffers are required to be a multiple of the cipher block
size. If this is not done, nettle will abort and gcrypt
will report an error. To get consistent behaviour add
explicit checks upfront for the buffer sizes.
Signed-off-by: Daniel P. Berrange <address@hidden>
Commit: 90246037760a2a1d64da67782200b690de24cc49
https://github.com/qemu/qemu/commit/90246037760a2a1d64da67782200b690de24cc49
Author: Daniel P. Berrange <address@hidden>
Date: 2015-10-22 (Thu, 22 Oct 2015)
Changed paths:
M configure
M tests/Makefile
Log Message:
-----------
configure: avoid polluting global CFLAGS with tasn1 flags
The previous commit
commit 9a2fd4347c40321f5cbb4ab4220e759fcbf87d03
Author: Daniel P. Berrange <address@hidden>
Date: Mon Apr 13 14:01:39 2015 +0100
crypto: add sanity checking of TLS x509 credentials
defined new variables $TEST_LIBS and $TEST_CFLAGS and
used them in tests/Makefile to augment $LIBS and $CFLAGS.
Unfortunately this overlooks the fact that tests/Makefile
is not executed via recursive-make, it is just pulled into
the top level Makefile via an include statement. So rather
than just augmenting the compiler/linker flags for tests
it polluted the global flags.
This is thought to be behind a reported failure when
building the pixman module as a sub-module, since global
$CFLAGS are passed down to configure in pixman.
This change removes the $TEST_LIBS and $TEST_CFLAGS
replacing them with $TASN1_LIBS and $TASN1_CFLAGS,
setting only against specific objects/executables
that need them.
Signed-off-by: Daniel P. Berrange <address@hidden>
Commit: 431429a5b802fccf2701c37f580307c6979f4c3e
https://github.com/qemu/qemu/commit/431429a5b802fccf2701c37f580307c6979f4c3e
Author: Peter Maydell <address@hidden>
Date: 2015-10-23 (Fri, 23 Oct 2015)
Changed paths:
M configure
M crypto/cipher-builtin.c
M crypto/cipher-gcrypt.c
M crypto/cipher-nettle.c
M crypto/cipher.c
M crypto/init.c
M tests/Makefile
M tests/test-crypto-cipher.c
Log Message:
-----------
Merge remote-tracking branch
'remotes/berrange/tags/qcrypto-fixes-pull-20151022-2' into staging
Merge qcrypto-fixes 2015/10/22
# gpg: Signature made Thu 22 Oct 2015 19:03:45 BST using RSA key ID 15104FDF
# gpg: Good signature from "Daniel P. Berrange <address@hidden>"
# gpg: aka "Daniel P. Berrange <address@hidden>"
* remotes/berrange/tags/qcrypto-fixes-pull-20151022-2:
configure: avoid polluting global CFLAGS with tasn1 flags
crypto: add sanity checking of plaintext/ciphertext length
crypto: don't let builtin aes crash if no IV is provided
crypto: allow use of nettle/gcrypt to be selected explicitly
Signed-off-by: Peter Maydell <address@hidden>
Compare: https://github.com/qemu/qemu/compare/dfbe0642ef8e...431429a5b802
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Qemu-commits] [qemu/qemu] 91bfcd: crypto: allow use of nettle/gcrypt to be selected ...,
GitHub <=