Commit 61962242 authored by Peter Maydell's avatar Peter Maydell
Browse files

Merge remote-tracking branch 'remotes/berrange/tags/vnc-crypto-v9-for-upstream' into staging 



Merge vnc-crypto-v9

# gpg: Signature made Tue 15 Sep 2015 15:32:38 BST using RSA key ID 15104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>"
# gpg:                 aka "Daniel P. Berrange <berrange@redhat.com>"

* remotes/berrange/tags/vnc-crypto-v9-for-upstream:
  ui: convert VNC server to use QCryptoTLSSession
  ui: fix return type for VNC I/O functions to be ssize_t
  crypto: introduce new module for handling TLS sessions
  crypto: add sanity checking of TLS x509 credentials
  crypto: introduce new module for TLS x509 credentials
  crypto: introduce new module for TLS anonymous credentials
  crypto: introduce new base module for TLS credentials
  qom: allow QOM to be linked into tools binaries
  crypto: move crypto objects out of libqemuutil.la
  tests: remove repetition in unit test object deps
  qapi: allow override of default enum prefix naming

Signed-off-by: default avatarPeter Maydell <peter.maydell@linaro.org>
parents 1078f5db 3e305e4a

Makefile

+8 −3
Original line number Diff line number Diff line
@@ -152,6 +152,9 @@ dummy := $(call unnest-vars,, \ 
                qga-vss-dll-obj-y \

                block-obj-y \

                block-obj-m \

                crypto-obj-y \

                crypto-aes-obj-y \

                qom-obj-y \

                common-obj-y \

                common-obj-m)
@@ -173,6 +176,8 @@ SUBDIR_RULES=$(patsubst %,subdir-%, $(TARGET_DIRS)) 
SOFTMMU_SUBDIR_RULES=$(filter %-softmmu,$(SUBDIR_RULES))



$(SOFTMMU_SUBDIR_RULES): $(block-obj-y)

$(SOFTMMU_SUBDIR_RULES): $(crypto-obj-y)

$(SOFTMMU_SUBDIR_RULES): $(qom-obj-y)

$(SOFTMMU_SUBDIR_RULES): config-all-devices.mak



subdir-%:
@@ -227,9 +232,9 @@ util/module.o-cflags = -D'CONFIG_BLOCK_MODULES=$(block-modules)' 


qemu-img.o: qemu-img-cmds.h



qemu-img$(EXESUF): qemu-img.o $(block-obj-y) libqemuutil.a libqemustub.a

qemu-nbd$(EXESUF): qemu-nbd.o $(block-obj-y) libqemuutil.a libqemustub.a

qemu-io$(EXESUF): qemu-io.o $(block-obj-y) libqemuutil.a libqemustub.a

qemu-img$(EXESUF): qemu-img.o $(block-obj-y) $(crypto-obj-y) $(qom-obj-y) libqemuutil.a libqemustub.a

qemu-nbd$(EXESUF): qemu-nbd.o $(block-obj-y) $(crypto-obj-y) $(qom-obj-y) libqemuutil.a libqemustub.a

qemu-io$(EXESUF): qemu-io.o $(block-obj-y) $(crypto-obj-y) $(qom-obj-y) libqemuutil.a libqemustub.a



qemu-bridge-helper$(EXESUF): qemu-bridge-helper.o

Makefile.objs

+10 −1
Original line number Diff line number Diff line
@@ -2,7 +2,6 @@ 
# Common libraries for tools and emulators

stub-obj-y = stubs/

util-obj-y = util/ qobject/ qapi/ qapi-types.o qapi-visit.o qapi-event.o

util-obj-y += crypto/



#######################################################################

# block-obj-y is code used by both qemu system emulation and qemu-img
@@ -21,6 +20,16 @@ block-obj-y += coroutine-$(CONFIG_COROUTINE_BACKEND).o 


block-obj-m = block/



#######################################################################

# crypto-obj-y is code used by both qemu system emulation and qemu-img



crypto-obj-y = crypto/

crypto-aes-obj-y = crypto/



#######################################################################

# qom-obj-y is code used by both qemu system emulation and qemu-img



qom-obj-y = qom/



######################################################################

# smartcard

Makefile.target

+6 −0
Original line number Diff line number Diff line
@@ -170,12 +170,18 @@ target-obj-y-save := $(target-obj-y) 
dummy := $(call unnest-vars,.., \

               block-obj-y \

               block-obj-m \

               crypto-obj-y \

               crypto-aes-obj-y \

               qom-obj-y \

               common-obj-y \

               common-obj-m)

target-obj-y := $(target-obj-y-save)

all-obj-y += $(common-obj-y)

all-obj-y += $(target-obj-y)

all-obj-y += $(qom-obj-y)

all-obj-$(CONFIG_SOFTMMU) += $(block-obj-y)

all-obj-$(CONFIG_USER_ONLY) += $(crypto-aes-obj-y)

all-obj-$(CONFIG_SOFTMMU) += $(crypto-obj-y)



$(QEMU_PROG_BUILD): config-devices.mak

configure

+22 −31
Original line number Diff line number Diff line
@@ -242,7 +242,6 @@ vnc="yes" 
sparse="no"

uuid=""

vde=""

vnc_tls=""

vnc_sasl=""

vnc_jpeg=""

vnc_png=""
@@ -416,6 +415,9 @@ if test "$debug_info" = "yes"; then 
    LDFLAGS="-g $LDFLAGS"

fi



test_cflags=""

test_libs=""



# make source path absolute

source_path=`cd "$source_path"; pwd`
@@ -880,10 +882,6 @@ for opt do 
  ;;

  --disable-strip) strip_opt="no"

  ;;

  --disable-vnc-tls) vnc_tls="no"

  ;;

  --enable-vnc-tls) vnc_tls="yes"

  ;;

  --disable-vnc-sasl) vnc_sasl="no"

  ;;

  --enable-vnc-sasl) vnc_sasl="yes"
@@ -2249,6 +2247,19 @@ if test "$gnutls_nettle" != "no"; then 
    fi

fi



##########################################

# libtasn1 - only for the TLS creds/session test suite



tasn1=yes

if $pkg_config --exists "libtasn1"; then

    tasn1_cflags=`$pkg_config --cflags libtasn1`

    tasn1_libs=`$pkg_config --libs libtasn1`

    test_cflags="$test_cflags $tasn1_cflags"

    test_libs="$test_libs $tasn1_libs"

else

    tasn1=no

fi





##########################################

# VTE probe
@@ -2393,28 +2404,6 @@ EOF 
  fi

fi



##########################################

# VNC TLS/WS detection

if test "$vnc" = "yes" -a "$vnc_tls" != "no" ; then

  cat > $TMPC <<EOF

#include <gnutls/gnutls.h>

int main(void) { gnutls_session_t s; gnutls_init(&s, GNUTLS_SERVER); return 0; }

EOF

  vnc_tls_cflags=`$pkg_config --cflags gnutls 2> /dev/null`

  vnc_tls_libs=`$pkg_config --libs gnutls 2> /dev/null`

  if compile_prog "$vnc_tls_cflags" "$vnc_tls_libs" ; then

    if test "$vnc_tls" != "no" ; then

      vnc_tls=yes

    fi

    libs_softmmu="$vnc_tls_libs $libs_softmmu"

    QEMU_CFLAGS="$QEMU_CFLAGS $vnc_tls_cflags"

  else

    if test "$vnc_tls" = "yes" ; then

      feature_not_found "vnc-tls" "Install gnutls devel"

    fi

    vnc_tls=no

  fi

fi



##########################################

# VNC SASL detection
@@ -4574,6 +4563,7 @@ echo "GNUTLS support $gnutls" 
echo "GNUTLS hash       $gnutls_hash"

echo "GNUTLS gcrypt     $gnutls_gcrypt"

echo "GNUTLS nettle     $gnutls_nettle ${gnutls_nettle+($nettle_version)}"

echo "libtasn1          $tasn1"

echo "VTE support       $vte"

echo "curses support    $curses"

echo "curl support      $curl"
@@ -4584,7 +4574,6 @@ echo "Block whitelist (ro) $block_drv_ro_whitelist" 
echo "VirtFS support    $virtfs"

echo "VNC support       $vnc"

if test "$vnc" = "yes" ; then

    echo "VNC TLS support   $vnc_tls"

    echo "VNC SASL support  $vnc_sasl"

    echo "VNC JPEG support  $vnc_jpeg"

    echo "VNC PNG support   $vnc_png"
@@ -4793,9 +4782,6 @@ echo "CONFIG_BDRV_RO_WHITELIST=$block_drv_ro_whitelist" >> $config_host_mak 
if test "$vnc" = "yes" ; then

  echo "CONFIG_VNC=y" >> $config_host_mak

fi

if test "$vnc_tls" = "yes" ; then

  echo "CONFIG_VNC_TLS=y" >> $config_host_mak

fi

if test "$vnc_sasl" = "yes" ; then

  echo "CONFIG_VNC_SASL=y" >> $config_host_mak

fi
@@ -4945,6 +4931,9 @@ if test "$gnutls_nettle" = "yes" ; then 
  echo "CONFIG_GNUTLS_NETTLE=y" >> $config_host_mak

  echo "CONFIG_NETTLE_VERSION_MAJOR=${nettle_version%%.*}" >> $config_host_mak

fi

if test "$tasn1" = "yes" ; then

  echo "CONFIG_TASN1=y" >> $config_host_mak

fi

if test "$vte" = "yes" ; then

  echo "CONFIG_VTE=y" >> $config_host_mak

  echo "VTE_CFLAGS=$vte_cflags" >> $config_host_mak
@@ -5268,6 +5257,8 @@ echo "EXESUF=$EXESUF" >> $config_host_mak 
echo "DSOSUF=$DSOSUF" >> $config_host_mak

echo "LDFLAGS_SHARED=$LDFLAGS_SHARED" >> $config_host_mak

echo "LIBS_QGA+=$libs_qga" >> $config_host_mak

echo "TEST_LIBS=$test_libs" >> $config_host_mak

echo "TEST_CFLAGS=$test_cflags" >> $config_host_mak

echo "POD2MAN=$POD2MAN" >> $config_host_mak

echo "TRANSLATE_OPT_CFLAGS=$TRANSLATE_OPT_CFLAGS" >> $config_host_mak

if test "$gcov" = "yes" ; then

crypto/Makefile.objs

+12 −5
Original line number Diff line number Diff line 
util-obj-y += init.o

util-obj-y += hash.o

util-obj-y += aes.o

util-obj-y += desrfb.o

util-obj-y += cipher.o
 
crypto-obj-y = init.o

crypto-obj-y += hash.o

crypto-obj-y += aes.o

crypto-obj-y += desrfb.o

crypto-obj-y += cipher.o

crypto-obj-y += tlscreds.o

crypto-obj-y += tlscredsanon.o

crypto-obj-y += tlscredsx509.o

crypto-obj-y += tlssession.o



# Let the userspace emulators avoid linking gnutls/etc

crypto-aes-obj-y = aes.o