Re: [PATCH 13/18] crypto: introduce build system for gnutls crypto backend

Thu, 08 Jul 2021 12:07:27 -0700 

On Tue, Jul 06, 2021 at 10:59:19AM +0100, Daniel P. Berrangé wrote:
> This introduces the build logic needed to decide whether we can
> use gnutls as a crypto driver backend. The actual implementations
> will be introduced in following patches. We only wish to use
> gnutls if it has version 3.6.14 or newer, because that is what
> finally brings HW accelerated AES-XTS mode for x86_64.
> 
> Signed-off-by: Daniel P. Berrangé <[email protected]>
> ---
>  meson.build | 36 ++++++++++++++++++++++++++++++++----
>  1 file changed, 32 insertions(+), 4 deletions(-)

Again, take this with a grain of salt, since my meson skills are near
zero.  But the comments do a good job, and it looks sane.

> diff --git a/meson.build b/meson.build
> index 51b8f4ab75..6031f4f0b1 100644
> --- a/meson.build
> +++ b/meson.build
> @@ -811,11 +811,34 @@ if 'CONFIG_OPENGL' in config_host
>  endif
>  
>  gnutls = not_found
> +gnutls_crypto = not_found
>  if not get_option('gnutls').auto() or have_system
> -  gnutls = dependency('gnutls', version: '>=3.5.18',
> -                      method: 'pkg-config',
> -                      required: get_option('gnutls'),
> -                      kwargs: static_kwargs)
> +  # For general TLS support our min gnutls matches
> +  # that implied by our platform support matrix
> +  #
> +  # For the crypto backends, we look for a newer
> +  # gnutls:
> +  #
> +  #   Version 3.6.8  is needed to get XTS
> +  #   Version 3.6.13 is needed to get PBKDF
> +  #   Version 3.6.14 is needed to get HW accelerated XTS
> +  #
> +  # If newer enough gnutls isn't available, we can
> +  # still use a different crypto backend to satisfy
> +  # the platform support requirements
> +  gnutls_crypto = dependency('gnutls', version: '>=3.6.14',
> +                             method: 'pkg-config',
> +                             required: get_option('gnutls'),
> +                             kwargs: static_kwargs)
> +  if gnutls_crypto.found()
> +    gnutls = gnutls_crypto
> +  else
> +    # Our min version if all we need is TLS
> +    gnutls = dependency('gnutls', version: '>=3.5.18',
> +                     method: 'pkg-config',
> +                     required: get_option('gnutls'),
> +                     kwargs: static_kwargs)

TAB damage.

With that fixed,
Reviewed-by: Eric Blake <[email protected]>

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization:  qemu.org | libvirt.org

Reply via email to