diff options
| author | Daniel P. Berrange <berrange@redhat.com> | 2015-10-16 16:36:53 +0100 |
|---|---|---|
| committer | Daniel P. Berrange <berrange@redhat.com> | 2015-10-22 19:03:07 +0100 |
| commit | 91bfcdb01d4869aa8f4cb67007827de63b8c2217 (patch) | |
| tree | d27c0a6577766db772348b5b023376d9e445483d /crypto/init.c | |
| parent | ca3e40e233e87f7b29442311736a82da01c0df7b (diff) | |
| download | qemu-91bfcdb01d4869aa8f4cb67007827de63b8c2217.tar.gz | |
crypto: allow use of nettle/gcrypt to be selected explicitly
Currently the choice of whether to use nettle or gcrypt is
made based on what gnutls is linked to. There are times
when it is desirable to be able to force build against a
specific library. For example, if testing changes to QEMU's
crypto code all 3 possible backends need to be checked
regardless of what the local gnutls uses.
It is also desirable to be able to enable nettle/gcrypt
for cipher/hash algorithms, without enabling gnutls
for TLS support.
This gives two new configure flags, which allow the
following possibilities
Automatically determine nettle vs gcrypt from what
gnutls links to (recommended to minimize number of
crypto libraries linked to)
./configure
Automatically determine nettle vs gcrypt based on
which is installed
./configure --disable-gnutls
Force use of nettle
./configure --enable-nettle
Force use of gcrypt
./configure --enable-gcrypt
Force use of built-in AES & crippled-DES
./configure --disable-nettle --disable-gcrypt
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Diffstat (limited to 'crypto/init.c')
| -rw-r--r-- | crypto/init.c | 26 |
1 files changed, 12 insertions, 14 deletions
diff --git a/crypto/init.c b/crypto/init.c index 7447882c7b..d94faacdf2 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -24,8 +24,9 @@ #ifdef CONFIG_GNUTLS #include <gnutls/gnutls.h> #include <gnutls/crypto.h> +#endif -#ifdef CONFIG_GNUTLS_GCRYPT +#ifdef CONFIG_GCRYPT #include <gcrypt.h> #endif @@ -37,6 +38,7 @@ * - When GNUTLS >= 2.12, we must not initialize gcrypt threading * because GNUTLS will do that itself * - When GNUTLS < 2.12 we must always initialize gcrypt threading + * - When GNUTLS is disabled we must always initialize gcrypt threading * * But.... * @@ -47,12 +49,15 @@ * * - gcrypt < 1.6.0 * AND - * - gnutls < 2.12 + * - gnutls < 2.12 + * OR + * - gnutls is disabled * */ -#if (defined(CONFIG_GNUTLS_GCRYPT) && \ - (!defined(GNUTLS_VERSION_NUMBER) || \ +#if (defined(CONFIG_GCRYPT) && \ + (!defined(CONFIG_GNUTLS) || \ + !defined(GNUTLS_VERSION_NUMBER) || \ (GNUTLS_VERSION_NUMBER < 0x020c00)) && \ (!defined(GCRYPT_VERSION_NUMBER) || \ (GCRYPT_VERSION_NUMBER < 0x010600))) @@ -113,6 +118,7 @@ static struct gcry_thread_cbs qcrypto_gcrypt_thread_impl = { int qcrypto_init(Error **errp) { +#ifdef CONFIG_GNUTLS int ret; ret = gnutls_global_init(); if (ret < 0) { @@ -125,8 +131,9 @@ int qcrypto_init(Error **errp) gnutls_global_set_log_level(10); gnutls_global_set_log_function(qcrypto_gnutls_log); #endif +#endif -#ifdef CONFIG_GNUTLS_GCRYPT +#ifdef CONFIG_GCRYPT if (!gcry_check_version(GCRYPT_VERSION)) { error_setg(errp, "Unable to initialize gcrypt"); return -1; @@ -139,12 +146,3 @@ int qcrypto_init(Error **errp) return 0; } - -#else /* ! CONFIG_GNUTLS */ - -int qcrypto_init(Error **errp G_GNUC_UNUSED) -{ - return 0; -} - -#endif /* ! CONFIG_GNUTLS */ |