[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH 13/18] crypto: introduce build system for gnutls crypto backend
|
From: |
Daniel P . Berrangé |
|
Subject: |
[PATCH 13/18] crypto: introduce build system for gnutls crypto backend |
|
Date: |
Tue, 6 Jul 2021 10:59:19 +0100 |
This introduces the build logic needed to decide whether we can
use gnutls as a crypto driver backend. The actual implementations
will be introduced in following patches. We only wish to use
gnutls if it has version 3.6.14 or newer, because that is what
finally brings HW accelerated AES-XTS mode for x86_64.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
meson.build | 36 ++++++++++++++++++++++++++++++++----
1 file changed, 32 insertions(+), 4 deletions(-)
diff --git a/meson.build b/meson.build
index 51b8f4ab75..6031f4f0b1 100644
--- a/meson.build
+++ b/meson.build
@@ -811,11 +811,34 @@ if 'CONFIG_OPENGL' in config_host
endif
gnutls = not_found
+gnutls_crypto = not_found
if not get_option('gnutls').auto() or have_system
- gnutls = dependency('gnutls', version: '>=3.5.18',
- method: 'pkg-config',
- required: get_option('gnutls'),
- kwargs: static_kwargs)
+ # For general TLS support our min gnutls matches
+ # that implied by our platform support matrix
+ #
+ # For the crypto backends, we look for a newer
+ # gnutls:
+ #
+ # Version 3.6.8 is needed to get XTS
+ # Version 3.6.13 is needed to get PBKDF
+ # Version 3.6.14 is needed to get HW accelerated XTS
+ #
+ # If newer enough gnutls isn't available, we can
+ # still use a different crypto backend to satisfy
+ # the platform support requirements
+ gnutls_crypto = dependency('gnutls', version: '>=3.6.14',
+ method: 'pkg-config',
+ required: get_option('gnutls'),
+ kwargs: static_kwargs)
+ if gnutls_crypto.found()
+ gnutls = gnutls_crypto
+ else
+ # Our min version if all we need is TLS
+ gnutls = dependency('gnutls', version: '>=3.5.18',
+ method: 'pkg-config',
+ required: get_option('gnutls'),
+ kwargs: static_kwargs)
+ endif
endif
# Gcrypt has priority over nettle
@@ -847,6 +870,9 @@ if (not get_option('nettle').auto() or have_system) and not
gcrypt.found()
xts = 'private'
endif
endif
+if gcrypt.found() or nettle.found()
+ gnutls_crypto = not_found
+endif
gtk = not_found
gtkx11 = not_found
@@ -1219,6 +1245,7 @@ config_host_data.set('CONFIG_XKBCOMMON',
xkbcommon.found())
config_host_data.set('CONFIG_KEYUTILS', keyutils.found())
config_host_data.set('CONFIG_GETTID', has_gettid)
config_host_data.set('CONFIG_GNUTLS', gnutls.found())
+config_host_data.set('CONFIG_GNUTLS_CRYPTO', gnutls_crypto.found())
config_host_data.set('CONFIG_GCRYPT', gcrypt.found())
config_host_data.set('CONFIG_NETTLE', nettle.found())
config_host_data.set('CONFIG_QEMU_PRIVATE_XTS', xts == 'private')
@@ -2719,6 +2746,7 @@ summary(summary_info, bool_yn: true, section: 'Block
layer support')
summary_info = {}
summary_info += {'TLS priority': config_host['CONFIG_TLS_PRIORITY']}
summary_info += {'GNUTLS support': gnutls.found()}
+summary_info += {'GNUTLS crypto': gnutls_crypto.found()}
# TODO: add back version
summary_info += {'libgcrypt': gcrypt.found()}
# TODO: add back version
--
2.31.1
- Re: [PATCH 08/18] crypto: add crypto tests for single block DES-ECB and DES-CBC, (continued)
- [PATCH 07/18] crypto: drop custom XTS support in gcrypt driver, Daniel P . Berrangé, 2021/07/06
- [PATCH 04/18] crypto: use &error_fatal in crypto tests, Daniel P . Berrangé, 2021/07/06
- [PATCH 10/18] crypto: delete built-in XTS cipher mode support, Daniel P . Berrangé, 2021/07/06
- [PATCH 12/18] crypto: flip priority of backends to prefer gcrypt, Daniel P . Berrangé, 2021/07/06
- [PATCH 13/18] crypto: introduce build system for gnutls crypto backend,
Daniel P . Berrangé <=
- [PATCH 11/18] crypto: rename des-rfb cipher to just des, Daniel P . Berrangé, 2021/07/06
- Re: [PATCH 11/18] crypto: rename des-rfb cipher to just des, Eric Blake, 2021/07/08
[PATCH 14/18] crypto: add gnutls cipher provider, Daniel P . Berrangé, 2021/07/06
[PATCH 15/18] crypto: add gnutls hash provider, Daniel P . Berrangé, 2021/07/06