Re: [PATCH 03/12] crypto: bump min nettle to 3.3, dropping RHEL-7 support

2021-05-11 Thread Richard Henderson

On 5/11/21 8:26 AM, Daniel P. Berrangé wrote:

It has been over two years since RHEL-8 was released, and thus per the
platform build policy, we no longer need to support RHEL-7 as a build
target. This lets us increment the minimum required nettle version and
drop a lot of backwards compatibility code for 2.x series of nettle.

Per repology, current shipping versions are:

  RHEL-8: 3.4.1
  Debian Stretch: 3.3
   Debian Buster: 3.4.1
  openSUSE Leap 15.2: 3.4.1
Ubuntu LTS 18.04: 3.4
Ubuntu LTS 20.04: 3.5.1
 FreeBSD: 3.7.2
   Fedora 33: 3.5.1
   Fedora 34: 3.7.2
 OpenBSD: 3.7.2
  macOS HomeBrew: 3.7.2

Debian Stretch has the oldest version and so 3.3 is the new minimum.

Signed-off-by: Daniel P. Berrangé
---


Reviewed-by: Richard Henderson 

r~



Re: [PATCH 03/12] crypto: bump min nettle to 3.3, dropping RHEL-7 support

2021-05-11 Thread Willian Rampazzo
On Tue, May 11, 2021 at 10:28 AM Daniel P. Berrangé  wrote:
>
> It has been over two years since RHEL-8 was released, and thus per the
> platform build policy, we no longer need to support RHEL-7 as a build
> target. This lets us increment the minimum required nettle version and
> drop a lot of backwards compatibility code for 2.x series of nettle.
>
> Per repology, current shipping versions are:
>
>  RHEL-8: 3.4.1
>  Debian Stretch: 3.3
>   Debian Buster: 3.4.1
>  openSUSE Leap 15.2: 3.4.1
>Ubuntu LTS 18.04: 3.4
>Ubuntu LTS 20.04: 3.5.1
> FreeBSD: 3.7.2
>   Fedora 33: 3.5.1
>   Fedora 34: 3.7.2
> OpenBSD: 3.7.2
>  macOS HomeBrew: 3.7.2
>
> Debian Stretch has the oldest version and so 3.3 is the new minimum.
>
> Signed-off-by: Daniel P. Berrangé 
> ---
>  .gitlab-ci.yml | 10 --
>  configure  |  4 +---
>  crypto/cipher-nettle.c.inc | 31 ---
>  crypto/hash-nettle.c   |  4 
>  crypto/hmac-nettle.c   |  4 
>  5 files changed, 1 insertion(+), 52 deletions(-)
>

Reviewed-by: Willian Rampazzo 




Re: [PATCH 03/12] crypto: bump min nettle to 3.3, dropping RHEL-7 support

2021-05-11 Thread Thomas Huth

On 11/05/2021 15.26, Daniel P. Berrangé wrote:

It has been over two years since RHEL-8 was released, and thus per the
platform build policy, we no longer need to support RHEL-7 as a build
target. This lets us increment the minimum required nettle version and
drop a lot of backwards compatibility code for 2.x series of nettle.

Per repology, current shipping versions are:

  RHEL-8: 3.4.1
  Debian Stretch: 3.3
   Debian Buster: 3.4.1
  openSUSE Leap 15.2: 3.4.1
Ubuntu LTS 18.04: 3.4
Ubuntu LTS 20.04: 3.5.1
 FreeBSD: 3.7.2
   Fedora 33: 3.5.1
   Fedora 34: 3.7.2
 OpenBSD: 3.7.2
  macOS HomeBrew: 3.7.2

Debian Stretch has the oldest version and so 3.3 is the new minimum.

Signed-off-by: Daniel P. Berrangé 


Reviewed-by: Thomas Huth 




[PATCH 03/12] crypto: bump min nettle to 3.3, dropping RHEL-7 support

2021-05-11 Thread Daniel P . Berrangé
It has been over two years since RHEL-8 was released, and thus per the
platform build policy, we no longer need to support RHEL-7 as a build
target. This lets us increment the minimum required nettle version and
drop a lot of backwards compatibility code for the 2.x series of nettle.

Per repology, current shipping versions are:

 RHEL-8: 3.4.1
 Debian Stretch: 3.3
  Debian Buster: 3.4.1
 openSUSE Leap 15.2: 3.4.1
   Ubuntu LTS 18.04: 3.4
   Ubuntu LTS 20.04: 3.5.1
FreeBSD: 3.7.2
  Fedora 33: 3.5.1
  Fedora 34: 3.7.2
OpenBSD: 3.7.2
 macOS HomeBrew: 3.7.2

Debian Stretch has the oldest version and so 3.3 is the new minimum.

Signed-off-by: Daniel P. Berrangé 
---
 .gitlab-ci.yml | 10 --
 configure  |  4 +---
 crypto/cipher-nettle.c.inc | 31 ---
 crypto/hash-nettle.c   |  4 
 crypto/hmac-nettle.c   |  4 
 5 files changed, 1 insertion(+), 52 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 23917d6d73..aef16515d3 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -716,16 +716,6 @@ build-coroutine-sigaltstack:
 #
 # These jobs test old gcrypt and nettle from RHEL7
 # which had some API differences.
-crypto-old-nettle:
-  <<: *native_build_job_definition
-  needs:
-job: amd64-centos7-container
-  variables:
-IMAGE: centos7
-TARGETS: x86_64-softmmu x86_64-linux-user
-CONFIGURE_ARGS: --disable-gcrypt --enable-nettle
-MAKE_CHECK_ARGS: check
-
 crypto-old-gcrypt:
   <<: *native_build_job_definition
   needs:
diff --git a/configure b/configure
index 54f8475444..53902d9c02 100755
--- a/configure
+++ b/configure
@@ -2860,10 +2860,9 @@ has_libgcrypt() {
 
 if test "$nettle" != "no"; then
 pass="no"
-if $pkg_config --exists "nettle >= 2.7.1"; then
+if $pkg_config --exists "nettle >= 3.3"; then
 nettle_cflags=$($pkg_config --cflags nettle)
 nettle_libs=$($pkg_config --libs nettle)
-nettle_version=$($pkg_config --modversion nettle)
 # Link test to make sure the given libraries work (e.g for static).
 write_c_skeleton
 if compile_prog "" "$nettle_libs" ; then
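Review bot: The new floor in `if $pkg_config --exists "nettle >= 3.3"; then` has no comment saying where 3.3 comes from, so the next bump has to rediscover it from the commit log. I would add a line above the test such as `# 3.3 is the oldest nettle shipped by a supported build platform (Debian Stretch)`. With the `CONFIG_NETTLE_VERSION_MAJOR` branches removed from the crypto sources in this same patch, this test appears to be the only gate that keeps a 2.x library out of the build. The same comment could say that it is an API floor and that raising it means re-checking the distro list. The `if test "$nettle" != "no"` block continues past the end of the hunk.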
@@ -5722,7 +5721,6 @@ if test "$gcrypt" = "yes" ; then
 fi
 if test "$nettle" = "yes" ; then
   echo "CONFIG_NETTLE=y" >> $config_host_mak
-  echo "CONFIG_NETTLE_VERSION_MAJOR=${nettle_version%%.*}" >> $config_host_mak
   echo "NETTLE_CFLAGS=$nettle_cflags" >> $config_host_mak
   echo "NETTLE_LIBS=$nettle_libs" >> $config_host_mak
 fi
diff --git a/crypto/cipher-nettle.c.inc b/crypto/cipher-nettle.c.inc
index cac771e4ff..490472656c 100644
--- a/crypto/cipher-nettle.c.inc
+++ b/crypto/cipher-nettle.c.inc
@@ -39,41 +39,10 @@ typedef void (*QCryptoCipherNettleFuncWrapper)(const void 
*ctx,
uint8_t *dst,
const uint8_t *src);
 
-#if CONFIG_NETTLE_VERSION_MAJOR < 3
-typedef nettle_crypt_func * QCryptoCipherNettleFuncNative;
-typedef void *   cipher_ctx_t;
-typedef unsigned cipher_length_t;
-#define CONST_CTX
-
-#define cast5_set_key cast128_set_key
-
-#define aes128_ctx aes_ctx
-#define aes192_ctx aes_ctx
-#define aes256_ctx aes_ctx
-#define aes128_set_encrypt_key(c, k) \
-aes_set_encrypt_key(c, 16, k)
-#define aes192_set_encrypt_key(c, k) \
-aes_set_encrypt_key(c, 24, k)
-#define aes256_set_encrypt_key(c, k) \
-aes_set_encrypt_key(c, 32, k)
-#define aes128_set_decrypt_key(c, k) \
-aes_set_decrypt_key(c, 16, k)
-#define aes192_set_decrypt_key(c, k) \
-aes_set_decrypt_key(c, 24, k)
-#define aes256_set_decrypt_key(c, k) \
-aes_set_decrypt_key(c, 32, k)
-#define aes128_encrypt aes_encrypt
-#define aes192_encrypt aes_encrypt
-#define aes256_encrypt aes_encrypt
-#define aes128_decrypt aes_decrypt
-#define aes192_decrypt aes_decrypt
-#define aes256_decrypt aes_decrypt
-#else
 typedef nettle_cipher_func * QCryptoCipherNettleFuncNative;
 typedef const void * cipher_ctx_t;
 typedef size_t   cipher_length_t;
 #define CONST_CTXconst
-#endif
 
 static inline bool qcrypto_length_check(size_t len, size_t blocksize,
 Error **errp)
diff --git a/crypto/hash-nettle.c b/crypto/hash-nettle.c
index 2a6ee7c7d5..5c8977fb80 100644
--- a/crypto/hash-nettle.c
+++ b/crypto/hash-nettle.c
@@ -26,11 +26,7 @@
 #include 
 #include 
 
-#if CONFIG_NETTLE_VERSION_MAJOR < 3
-typedef unsigned int hash_length_t;
-#else
 typedef size_t   hash_length_t;
-#endif
 
 typedef void (*qcrypto_nettle_init)(void *ctx);
 typedef void (*qcrypto_nettle_write)(void *ctx,
diff --git a/crypto/hmac-nettle.c b/crypto/hmac-nettle.c
index 1152b741fd..da6b6fa014 100644
--- a/crypto/hmac-nettle.c
+++ b/crypto/hmac-nettle.c
@@ -18,11 +18,7 @@
 #include "hmacpriv.h"
 #include 
 
-#if CONFIG_NETTLE_VERSION_MAJOR < 3
-typedef unsigned int hmac_length_t;
-#else
 typedef size_t hmac_length_t;
-#endif
 
 typedef void