From fff2f982ab6ac0dd2b641d30303f72270a019f28 Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Tue, 29 Mar 2016 15:47:51 +0100
Subject: [PATCH] crypto: do an explicit check for nettle pbkdf functions

Support for the PBKDF functions in nettle was not introduced
until version 2.6. Some distros QEMU targets have older
versions and thus lack PBKDF support. Address this by doing
a check in configure for the desired function and then skipping
compilation of the nettle-pbkdf.o module

Reported-by: Wen Congyang <wency@cn.fujitsu.com>
Tested-by: Wen Congyang <wency@cn.fujitsu.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
 configure            | 16 ++++++++++++++++
 crypto/Makefile.objs |  4 ++--
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/configure b/configure
index 2832ff6fbd..5db29f0245 100755
--- a/configure
+++ b/configure
@@ -308,6 +308,7 @@ gnutls=""
 gnutls_hash=""
 gnutls_rnd=""
 nettle=""
+nettle_kdf="no"
 gcrypt=""
 gcrypt_kdf="no"
 vte=""
@@ -2335,6 +2336,17 @@ if test "$nettle" != "no"; then
         libs_tools="$nettle_libs $libs_tools"
         QEMU_CFLAGS="$QEMU_CFLAGS $nettle_cflags"
         nettle="yes"
+
+        cat > $TMPC << EOF
+#include <nettle/pbkdf2.h>
+int main(void) {
+     pbkdf2_hmac_sha256(8, NULL, 1000, 8, NULL, 8, NULL);
+     return 0;
+}
+EOF
+        if compile_prog "$nettle_cflags" "$nettle_libs" ; then
+            nettle_kdf=yes
+        fi
     else
         if test "$nettle" = "yes"; then
             feature_not_found "nettle" "Install nettle devel"
@@ -4746,6 +4758,7 @@ if test "$nettle" = "yes"; then
 else
     echo "nettle            $nettle"
 fi
+echo "nettle kdf        $nettle_kdf"
 echo "libtasn1          $tasn1"
 echo "VTE support       $vte"
 echo "curses support    $curses"
@@ -5130,6 +5143,9 @@ fi
 if test "$nettle" = "yes" ; then
   echo "CONFIG_NETTLE=y" >> $config_host_mak
   echo "CONFIG_NETTLE_VERSION_MAJOR=${nettle_version%%.*}" >> $config_host_mak
+  if test "$nettle_kdf" = "yes" ; then
+    echo "CONFIG_NETTLE_KDF=y" >> $config_host_mak
+  fi
 fi
 if test "$tasn1" = "yes" ; then
   echo "CONFIG_TASN1=y" >> $config_host_mak
diff --git a/crypto/Makefile.objs b/crypto/Makefile.objs
index 9f2c87eafa..0737f48118 100644
--- a/crypto/Makefile.objs
+++ b/crypto/Makefile.objs
@@ -11,8 +11,8 @@ crypto-obj-y += secret.o
 crypto-obj-$(CONFIG_GCRYPT) += random-gcrypt.o
 crypto-obj-$(if $(CONFIG_GCRYPT),n,$(CONFIG_GNUTLS_RND)) += random-gnutls.o
 crypto-obj-y += pbkdf.o
-crypto-obj-$(CONFIG_NETTLE) += pbkdf-nettle.o
-crypto-obj-$(if $(CONFIG_NETTLE),n,$(CONFIG_GCRYPT_KDF)) += pbkdf-gcrypt.o
+crypto-obj-$(CONFIG_NETTLE_KDF) += pbkdf-nettle.o
+crypto-obj-$(if $(CONFIG_NETTLE_KDF),n,$(CONFIG_GCRYPT_KDF)) += pbkdf-gcrypt.o
 crypto-obj-y += ivgen.o
 crypto-obj-y += ivgen-essiv.o
 crypto-obj-y += ivgen-plain.o
-- 
2.30.2