Re: [PATCH 12/18] crypto: flip priority of backends to prefer gcrypt

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 12/18] crypto: flip priority of backends to prefer gcrypt

From:	Eric Blake
Subject:	Re: [PATCH 12/18] crypto: flip priority of backends to prefer gcrypt
Date:	Thu, 8 Jul 2021 13:59:33 -0500
User-agent:	NeoMutt/20210205-556-f84451-dirty

On Tue, Jul 06, 2021 at 10:59:18AM +0100, Daniel P. Berrangé wrote:
> Originally we preferred to use nettle, over gcrypt because

s/nettle, over gcrypt/nettle over gcrypt,/

> gnutls already links to nettle and thus it minimizes the
> dependencies. In retrospect this was the wrong criteria to
> optimize for.
> 
> Currently shipping versions of gcrypt have cipher impls that
> are massively faster than those in nettle and this is way
> more important.  The nettle library is also not capable of
> enforcing FIPS compliance, since it considers that out of
> scope. It merely aims to provide general purpose impls of
> algorithms, and usage policy is left upto the layer above,
> such as GNUTTLS.

GNUTLS

> 
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
>  meson.build | 22 +++++++++++-----------
>  1 file changed, 11 insertions(+), 11 deletions(-)
> 

My meson skills are weak, but the change looks reasonable, and the
proof is in building things.

Reviewed-by: Eric Blake <eblake@redhat.com>

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization:  qemu.org | libvirt.org

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH 08/18] crypto: add crypto tests for single block DES-ECB and DES-CBC, (continued)
- [PATCH 08/18] crypto: add crypto tests for single block DES-ECB and DES-CBC, Daniel P . Berrangé, 2021/07/06
  - Re: [PATCH 08/18] crypto: add crypto tests for single block DES-ECB and DES-CBC, Eric Blake, 2021/07/08
    - Re: [PATCH 08/18] crypto: add crypto tests for single block DES-ECB and DES-CBC, Daniel P . Berrangé, 2021/07/09
- [PATCH 07/18] crypto: drop custom XTS support in gcrypt driver, Daniel P . Berrangé, 2021/07/06
  - Re: [PATCH 07/18] crypto: drop custom XTS support in gcrypt driver, Eric Blake, 2021/07/08
- [PATCH 04/18] crypto: use &error_fatal in crypto tests, Daniel P . Berrangé, 2021/07/06
  - Re: [PATCH 04/18] crypto: use &error_fatal in crypto tests, Eric Blake, 2021/07/08
- [PATCH 10/18] crypto: delete built-in XTS cipher mode support, Daniel P . Berrangé, 2021/07/06
  - Re: [PATCH 10/18] crypto: delete built-in XTS cipher mode support, Eric Blake, 2021/07/08
- [PATCH 12/18] crypto: flip priority of backends to prefer gcrypt, Daniel P . Berrangé, 2021/07/06
  - Re: [PATCH 12/18] crypto: flip priority of backends to prefer gcrypt, Eric Blake <=
- [PATCH 13/18] crypto: introduce build system for gnutls crypto backend, Daniel P . Berrangé, 2021/07/06
  - Re: [PATCH 13/18] crypto: introduce build system for gnutls crypto backend, Eric Blake, 2021/07/08
- [PATCH 11/18] crypto: rename des-rfb cipher to just des, Daniel P . Berrangé, 2021/07/06
  - Re: [PATCH 11/18] crypto: rename des-rfb cipher to just des, Markus Armbruster, 2021/07/07
    - Re: [PATCH 11/18] crypto: rename des-rfb cipher to just des, Daniel P . Berrangé, 2021/07/07
    - Re: [PATCH 11/18] crypto: rename des-rfb cipher to just des, Markus Armbruster, 2021/07/08
    - Re: [PATCH 11/18] crypto: rename des-rfb cipher to just des, Daniel P . Berrangé, 2021/07/09
  - Re: [PATCH 11/18] crypto: rename des-rfb cipher to just des, Eric Blake, 2021/07/08
- [PATCH 14/18] crypto: add gnutls cipher provider, Daniel P . Berrangé, 2021/07/06
  - Re: [PATCH 14/18] crypto: add gnutls cipher provider, Eric Blake, 2021/07/08

Prev by Date: Re: [PATCH 10/18] crypto: delete built-in XTS cipher mode support
Next by Date: Re: [PATCH 13/18] crypto: introduce build system for gnutls crypto backend
Previous by thread: [PATCH 12/18] crypto: flip priority of backends to prefer gcrypt
Next by thread: [PATCH 13/18] crypto: introduce build system for gnutls crypto backend
Index(es):
- Date
- Thread