[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH 18/18] crypto: prefer gnutls as the crypto backend if new enough
From: |
Daniel P . Berrangé |
Subject: |
[PATCH 18/18] crypto: prefer gnutls as the crypto backend if new enough |
Date: |
Tue, 6 Jul 2021 10:59:24 +0100 |
If we have gnutls >= 3.6.13, then it has enough functionality
and performance that we can use it as the preferred crypto
backend.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
meson.build | 59 +++++++++++++++++++++++++++++++----------------------
1 file changed, 35 insertions(+), 24 deletions(-)
diff --git a/meson.build b/meson.build
index 6031f4f0b1..0bec6f7e40 100644
--- a/meson.build
+++ b/meson.build
@@ -841,39 +841,50 @@ if not get_option('gnutls').auto() or have_system
endif
endif
-# Gcrypt has priority over nettle
+# We prefer use of gnutls for crypto, unless the options
+# explicitly asked for nettle or gcrypt.
+#
+# If gnutls isn't available for crypto, then we'll prefer
+# gcrypt over nettle for performance reasons.
gcrypt = not_found
nettle = not_found
xts = 'none'
+
if get_option('nettle').enabled() and get_option('gcrypt').enabled()
error('Only one of gcrypt & nettle can be enabled')
-elif (not get_option('gcrypt').auto() or have_system) and not
get_option('nettle').enabled()
- gcrypt = dependency('libgcrypt', version: '>=1.8',
- method: 'config-tool',
- required: get_option('gcrypt'),
- kwargs: static_kwargs)
- # Debian has removed -lgpg-error from libgcrypt-config
- # as it "spreads unnecessary dependencies" which in
- # turn breaks static builds...
- if gcrypt.found() and enable_static
- gcrypt = declare_dependency(dependencies: [
- gcrypt,
- cc.find_library('gpg-error', required: true, kwargs: static_kwargs)])
- endif
-endif
-if (not get_option('nettle').auto() or have_system) and not gcrypt.found()
- nettle = dependency('nettle', version: '>=3.4',
- method: 'pkg-config',
- required: get_option('nettle'),
- kwargs: static_kwargs)
- if nettle.found() and not cc.has_header('nettle/xts.h', dependencies: nettle)
- xts = 'private'
- endif
endif
-if gcrypt.found() or nettle.found()
+
+# Explicit nettle/gcrypt request, so ignore gnutls for crypto
+if get_option('nettle').enabled() or get_option('gcrypt').enabled()
gnutls_crypto = not_found
endif
+if not gnutls_crypto.found()
+ if (not get_option('gcrypt').auto() or have_system) and not
get_option('nettle').enabled()
+ gcrypt = dependency('libgcrypt', version: '>=1.8',
+ method: 'config-tool',
+ required: get_option('gcrypt'),
+ kwargs: static_kwargs)
+ # Debian has removed -lgpg-error from libgcrypt-config
+ # as it "spreads unnecessary dependencies" which in
+ # turn breaks static builds...
+ if gcrypt.found() and enable_static
+ gcrypt = declare_dependency(dependencies: [
+ gcrypt,
+ cc.find_library('gpg-error', required: true, kwargs: static_kwargs)])
+ endif
+ endif
+ if (not get_option('nettle').auto() or have_system) and not gcrypt.found()
+ nettle = dependency('nettle', version: '>=3.4',
+ method: 'pkg-config',
+ required: get_option('nettle'),
+ kwargs: static_kwargs)
+ if nettle.found() and not cc.has_header('nettle/xts.h', dependencies:
nettle)
+ xts = 'private'
+ endif
+ endif
+endif
+
gtk = not_found
gtkx11 = not_found
if not get_option('gtk').auto() or (have_system and not cocoa.found())
--
2.31.1
- Re: [PATCH 11/18] crypto: rename des-rfb cipher to just des, (continued)
Re: [PATCH 11/18] crypto: rename des-rfb cipher to just des, Eric Blake, 2021/07/08
[PATCH 14/18] crypto: add gnutls cipher provider, Daniel P . Berrangé, 2021/07/06
[PATCH 15/18] crypto: add gnutls hash provider, Daniel P . Berrangé, 2021/07/06
[PATCH 16/18] crypto: add gnutls hmac provider, Daniel P . Berrangé, 2021/07/06
[PATCH 18/18] crypto: prefer gnutls as the crypto backend if new enough,
Daniel P . Berrangé <=
[PATCH 17/18] crypto: add gnutls pbkdf provider, Daniel P . Berrangé, 2021/07/06