From a0722409bcb980ecdab8330d4c716a73c9fcb489 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Wed, 18 Jul 2018 11:55:05 +0100 Subject: crypto: require gnutls >= 3.1.18 for building QEMU MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit gnutls 3.0.0 was released in 2011 and all the distros that are build target platforms for QEMU [1] include it: RHEL-7: 3.1.18 Debian (Stretch): 3.5.8 Debian (Jessie): 3.3.8 OpenBSD (ports): 3.5.18 FreeBSD (ports): 3.5.18 OpenSUSE Leap 15: 3.6.2 Ubuntu (Xenial): 3.4.10 macOS (Homebrew): 3.5.19 Based on this, it is reasonable to require gnutls >= 3.1.18 in QEMU which allows for all conditional version checks in the code to be removed. [1] https://qemu.weilnetz.de/doc/qemu-doc.html#Supported-build-platforms Reviewed-by: Eric Blake Signed-off-by: Daniel P. Berrangé --- tests/crypto-tls-x509-helpers.h | 3 +-- tests/test-crypto-tlscredsx509.c | 8 +------- 2 files changed, 2 insertions(+), 9 deletions(-) (limited to 'tests') diff --git a/tests/crypto-tls-x509-helpers.h b/tests/crypto-tls-x509-helpers.h index 921341c..88c30d7 100644 --- a/tests/crypto-tls-x509-helpers.h +++ b/tests/crypto-tls-x509-helpers.h @@ -22,8 +22,7 @@ #include #if !(defined WIN32) && \ - defined(CONFIG_TASN1) && \ - (LIBGNUTLS_VERSION_NUMBER >= 0x020600) + defined(CONFIG_TASN1) # define QCRYPTO_HAVE_TLS_TEST_SUPPORT #endif diff --git a/tests/test-crypto-tlscredsx509.c b/tests/test-crypto-tlscredsx509.c index 30f9ac4..940a026 100644 --- a/tests/test-crypto-tlscredsx509.c +++ b/tests/test-crypto-tlscredsx509.c @@ -283,14 +283,8 @@ int main(int argc, char **argv) true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL, 0, 0); - /* Technically a CA cert with basic constraints - * key purpose == key signing + non-critical should - * be rejected. GNUTLS < 3.1 does not reject it and - * we don't anticipate them changing this behaviour - */ TLS_TEST_REG(badca1, true, cacert4req.filename, servercert4req.filename, - (GNUTLS_VERSION_MAJOR == 3 && GNUTLS_VERSION_MINOR >= 1) || - GNUTLS_VERSION_MAJOR > 3); + true); TLS_TEST_REG(badca2, true, cacert5req.filename, servercert5req.filename, true); TLS_TEST_REG(badca3, true, -- cgit v1.1 From dea7a64e4c9557605fcda960950852181e9dbe74 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Wed, 18 Jul 2018 11:55:05 +0100 Subject: crypto: require libgcrypt >= 1.5.0 for building QEMU MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit libgcrypt 1.5.0 was released in 2011 and all the distros that are build target platforms for QEMU [1] include it: RHEL-7: 1.5.3 Debian (Stretch): 1.7.6 Debian (Jessie): 1.6.3 OpenBSD (ports): 1.8.2 FreeBSD (ports): 1.8.3 OpenSUSE Leap 15: 1.8.2 Ubuntu (Xenial): 1.6.5 macOS (Homebrew): 1.8.3 Based on this, it is reasonable to require libgcrypt >= 1.5.0 in QEMU which allows for some conditional version checks in the code to be removed. [1] https://qemu.weilnetz.de/doc/qemu-doc.html#Supported-build-platforms Reviewed-by: Eric Blake Signed-off-by: Daniel P. Berrangé --- tests/Makefile.include | 2 +- tests/test-crypto-block.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'tests') diff --git a/tests/Makefile.include b/tests/Makefile.include index 7fe8578..0c8113f 100644 --- a/tests/Makefile.include +++ b/tests/Makefile.include @@ -115,7 +115,7 @@ check-unit-$(CONFIG_GNUTLS) += tests/test-io-channel-tls$(EXESUF) check-unit-y += tests/test-io-channel-command$(EXESUF) check-unit-y += tests/test-io-channel-buffer$(EXESUF) check-unit-y += tests/test-base64$(EXESUF) -check-unit-$(if $(CONFIG_NETTLE_KDF),y,$(CONFIG_GCRYPT_KDF)) += tests/test-crypto-pbkdf$(EXESUF) +check-unit-$(if $(CONFIG_NETTLE_KDF),y,$(CONFIG_GCRYPT)) += tests/test-crypto-pbkdf$(EXESUF) check-unit-y += tests/test-crypto-ivgen$(EXESUF) check-unit-y += tests/test-crypto-afsplit$(EXESUF) check-unit-y += tests/test-crypto-xts$(EXESUF) diff --git a/tests/test-crypto-block.c b/tests/test-crypto-block.c index fd29a04..bd512cc 100644 --- a/tests/test-crypto-block.c +++ b/tests/test-crypto-block.c @@ -29,7 +29,7 @@ #endif #if (defined(_WIN32) || defined RUSAGE_THREAD) && \ - (defined(CONFIG_NETTLE_KDF) || defined(CONFIG_GCRYPT_KDF)) + (defined(CONFIG_NETTLE_KDF) || defined(CONFIG_GCRYPT)) #define TEST_LUKS #else #undef TEST_LUKS -- cgit v1.1 From 64dd2f3b5b090c21c3e82142de3fe7b4793ce6c8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Wed, 18 Jul 2018 11:55:05 +0100 Subject: crypto: require nettle >= 2.7.1 for building QEMU MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit nettle 2.7.1 was released in 2013 and all the distros that are build target platforms for QEMU [1] include it: RHEL-7: 2.7.1 Debian (Stretch): 3.3 Debian (Jessie): 2.7.1 OpenBSD (ports): 3.4 FreeBSD (ports): 3.4 OpenSUSE Leap 15: 3.4 Ubuntu (Xenial): 3.2 macOS (Homebrew): 3.4 Based on this, it is reasonable to require nettle >= 2.7.1 in QEMU which allows for some conditional version checks in the code to be removed. [1] https://qemu.weilnetz.de/doc/qemu-doc.html#Supported-build-platforms Reviewed-by: Eric Blake Signed-off-by: Daniel P. Berrangé --- tests/Makefile.include | 2 +- tests/test-crypto-block.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'tests') diff --git a/tests/Makefile.include b/tests/Makefile.include index 0c8113f..f77a495 100644 --- a/tests/Makefile.include +++ b/tests/Makefile.include @@ -115,7 +115,7 @@ check-unit-$(CONFIG_GNUTLS) += tests/test-io-channel-tls$(EXESUF) check-unit-y += tests/test-io-channel-command$(EXESUF) check-unit-y += tests/test-io-channel-buffer$(EXESUF) check-unit-y += tests/test-base64$(EXESUF) -check-unit-$(if $(CONFIG_NETTLE_KDF),y,$(CONFIG_GCRYPT)) += tests/test-crypto-pbkdf$(EXESUF) +check-unit-$(if $(CONFIG_NETTLE),y,$(CONFIG_GCRYPT)) += tests/test-crypto-pbkdf$(EXESUF) check-unit-y += tests/test-crypto-ivgen$(EXESUF) check-unit-y += tests/test-crypto-afsplit$(EXESUF) check-unit-y += tests/test-crypto-xts$(EXESUF) diff --git a/tests/test-crypto-block.c b/tests/test-crypto-block.c index bd512cc..fae4ffc 100644 --- a/tests/test-crypto-block.c +++ b/tests/test-crypto-block.c @@ -29,7 +29,7 @@ #endif #if (defined(_WIN32) || defined RUSAGE_THREAD) && \ - (defined(CONFIG_NETTLE_KDF) || defined(CONFIG_GCRYPT)) + (defined(CONFIG_NETTLE) || defined(CONFIG_GCRYPT)) #define TEST_LUKS #else #undef TEST_LUKS -- cgit v1.1