[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL 18/26] crypto: prefer gnutls as the crypto backend if new enough
From: |
Daniel P . Berrangé |
Subject: |
[PULL 18/26] crypto: prefer gnutls as the crypto backend if new enough |
Date: |
Wed, 14 Jul 2021 15:08:50 +0100 |
If we have gnutls >= 3.6.13, then it has enough functionality
and performance that we can use it as the preferred crypto
backend.
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
meson.build | 59 +++++++++++++++++++++++++++++++----------------------
1 file changed, 35 insertions(+), 24 deletions(-)
diff --git a/meson.build b/meson.build
index 38b89d424b..073269c59f 100644
--- a/meson.build
+++ b/meson.build
@@ -846,39 +846,50 @@ if not get_option('gnutls').auto() or have_system
endif
endif
-# Gcrypt has priority over nettle
+# We prefer use of gnutls for crypto, unless the options
+# explicitly asked for nettle or gcrypt.
+#
+# If gnutls isn't available for crypto, then we'll prefer
+# gcrypt over nettle for performance reasons.
gcrypt = not_found
nettle = not_found
xts = 'none'
+
if get_option('nettle').enabled() and get_option('gcrypt').enabled()
error('Only one of gcrypt & nettle can be enabled')
-elif (not get_option('gcrypt').auto() or have_system) and not
get_option('nettle').enabled()
- gcrypt = dependency('libgcrypt', version: '>=1.8',
- method: 'config-tool',
- required: get_option('gcrypt'),
- kwargs: static_kwargs)
- # Debian has removed -lgpg-error from libgcrypt-config
- # as it "spreads unnecessary dependencies" which in
- # turn breaks static builds...
- if gcrypt.found() and enable_static
- gcrypt = declare_dependency(dependencies: [
- gcrypt,
- cc.find_library('gpg-error', required: true, kwargs: static_kwargs)])
- endif
-endif
-if (not get_option('nettle').auto() or have_system) and not gcrypt.found()
- nettle = dependency('nettle', version: '>=3.4',
- method: 'pkg-config',
- required: get_option('nettle'),
- kwargs: static_kwargs)
- if nettle.found() and not cc.has_header('nettle/xts.h', dependencies: nettle)
- xts = 'private'
- endif
endif
-if gcrypt.found() or nettle.found()
+
+# Explicit nettle/gcrypt request, so ignore gnutls for crypto
+if get_option('nettle').enabled() or get_option('gcrypt').enabled()
gnutls_crypto = not_found
endif
+if not gnutls_crypto.found()
+ if (not get_option('gcrypt').auto() or have_system) and not
get_option('nettle').enabled()
+ gcrypt = dependency('libgcrypt', version: '>=1.8',
+ method: 'config-tool',
+ required: get_option('gcrypt'),
+ kwargs: static_kwargs)
+ # Debian has removed -lgpg-error from libgcrypt-config
+ # as it "spreads unnecessary dependencies" which in
+ # turn breaks static builds...
+ if gcrypt.found() and enable_static
+ gcrypt = declare_dependency(dependencies: [
+ gcrypt,
+ cc.find_library('gpg-error', required: true, kwargs: static_kwargs)])
+ endif
+ endif
+ if (not get_option('nettle').auto() or have_system) and not gcrypt.found()
+ nettle = dependency('nettle', version: '>=3.4',
+ method: 'pkg-config',
+ required: get_option('nettle'),
+ kwargs: static_kwargs)
+ if nettle.found() and not cc.has_header('nettle/xts.h', dependencies:
nettle)
+ xts = 'private'
+ endif
+ endif
+endif
+
gtk = not_found
gtkx11 = not_found
vte = not_found
--
2.31.1
- [PULL 08/26] crypto: add crypto tests for single block DES-ECB and DES-CBC, (continued)
- [PULL 08/26] crypto: add crypto tests for single block DES-ECB and DES-CBC, Daniel P . Berrangé, 2021/07/14
- [PULL 09/26] crypto: delete built-in DES implementation, Daniel P . Berrangé, 2021/07/14
- [PULL 10/26] crypto: delete built-in XTS cipher mode support, Daniel P . Berrangé, 2021/07/14
- [PULL 11/26] crypto: replace 'des-rfb' cipher with 'des', Daniel P . Berrangé, 2021/07/14
- [PULL 13/26] crypto: introduce build system for gnutls crypto backend, Daniel P . Berrangé, 2021/07/14
- [PULL 12/26] crypto: flip priority of backends to prefer gcrypt, Daniel P . Berrangé, 2021/07/14
- [PULL 14/26] crypto: add gnutls cipher provider, Daniel P . Berrangé, 2021/07/14
- [PULL 15/26] crypto: add gnutls hash provider, Daniel P . Berrangé, 2021/07/14
- [PULL 16/26] crypto: add gnutls hmac provider, Daniel P . Berrangé, 2021/07/14
- [PULL 17/26] crypto: add gnutls pbkdf provider, Daniel P . Berrangé, 2021/07/14
- [PULL 18/26] crypto: prefer gnutls as the crypto backend if new enough,
Daniel P . Berrangé <=
- [PULL 19/26] net/rocker: use GDateTime for formatting timestamp in debug messages, Daniel P . Berrangé, 2021/07/14
- [PULL 20/26] io: use GDateTime for formatting timestamp for websock headers, Daniel P . Berrangé, 2021/07/14
- [PULL 21/26] seccomp: don't block getters for resource control syscalls, Daniel P . Berrangé, 2021/07/14
- [PULL 22/26] tests/migration: fix unix socket migration, Daniel P . Berrangé, 2021/07/14
- [PULL 23/26] docs: fix typo s/Intel/AMD/ in CPU model notes, Daniel P . Berrangé, 2021/07/14
- [PULL 24/26] qemu-options: re-arrange CPU topology options, Daniel P . Berrangé, 2021/07/14
- [PULL 25/26] qemu-options: tweak to show that CPU count is optional, Daniel P . Berrangé, 2021/07/14
- [PULL 26/26] qemu-options: rewrite help for -smp options, Daniel P . Berrangé, 2021/07/14
- Re: [PULL v2 00/26] Crypto and more patches, Peter Maydell, 2021/07/15