From 2d23d145a67fb259f01f46086f419717887490b4 Mon Sep 17 00:00:00 2001 From: Andrea Bolognani Date: Thu, 7 Apr 2016 13:48:48 +0200 Subject: [PATCH] qemu: Explicitly check for gnutls_rnd() Our use of gnutls_rnd(), introduced with commit ad7520e8, is conditional to the availability of the header file. Such check, however, turns out not to be strict enough, as there are some versions of GnuTLS (eg. 2.8.5 from CentOS 6) that provide the header file, but not the function itself, which was introduced only in GnuTLS 2.12.0. Introduce an explicit check for the function. --- configure.ac | 7 +++++++ src/qemu/qemu_domain.c | 6 +++--- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/configure.ac b/configure.ac index 64426745f1..c8c2895518 100644 --- a/configure.ac +++ b/configure.ac @@ -1289,6 +1289,13 @@ if test "x$with_gnutls" != "xno"; then with_gnutls=yes fi + dnl GNUTLS_CFLAGS and GNUTLS_LIBS have probably been updated above, + dnl and we need the final values for function probing to work + CFLAGS="$old_CFLAGS $GNUTLS_CFLAGS" + LIBS="$old_LIBS $GNUTLS_LIBS" + + AC_CHECK_FUNCS([gnutls_rnd]) + CFLAGS="$old_CFLAGS" LIBS="$old_LIBS" fi diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index fa7cfc9d86..55dcba8b94 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -635,8 +635,8 @@ qemuDomainGenerateRandomKey(size_t nbytes) if (VIR_ALLOC_N(key, nbytes) < 0) return NULL; -#if HAVE_GNUTLS_CRYPTO_H - /* Generate a master key using gnutls if possible */ +#if HAVE_GNUTLS_RND + /* Generate a master key using gnutls_rnd() if possible */ if ((ret = gnutls_rnd(GNUTLS_RND_RANDOM, key, nbytes)) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("failed to generate master key, ret=%d"), ret); @@ -644,7 +644,7 @@ qemuDomainGenerateRandomKey(size_t nbytes) return NULL; } #else - /* If we don't have gnutls, we will generate a less cryptographically + /* If we don't have gnutls_rnd(), we will generate a less cryptographically * strong master key from /dev/urandom. */ if ((ret = virRandomBytes(key, nbytes)) < 0) { -- GitLab