It has been over two years since RHEL-8 was released, and thus per the
platform build policy, we no longer need to support RHEL-7 as a build
target. This lets us increment the minimum required nettle version and
drop a lot of backwards compatibility code for 2.x series of nettle.
Per repology, current shipping versions are:
RHEL-8: 3.4.1
Debian Stretch: 3.3
Debian Buster: 3.4.1
openSUSE Leap 15.2: 3.4.1
Ubuntu LTS 18.04: 3.4
Ubuntu LTS 20.04: 3.5.1
FreeBSD: 3.7.2
Fedora 33: 3.5.1
Fedora 34: 3.7.2
OpenBSD: 3.7.2
macOS HomeBrew: 3.7.2
Debian Stretch has the oldest version and so 3.3 is the new minimum.
Signed-off-by: Daniel P. Berrangé
---
.gitlab-ci.yml | 10 --
configure | 4 +---
crypto/cipher-nettle.c.inc | 31 ---
crypto/hash-nettle.c | 4
crypto/hmac-nettle.c | 4
5 files changed, 1 insertion(+), 52 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 23917d6d73..aef16515d3 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -716,16 +716,6 @@ build-coroutine-sigaltstack:
#
# These jobs test old gcrypt and nettle from RHEL7
# which had some API differences.
-crypto-old-nettle:
- <<: *native_build_job_definition
- needs:
-job: amd64-centos7-container
- variables:
-IMAGE: centos7
-TARGETS: x86_64-softmmu x86_64-linux-user
-CONFIGURE_ARGS: --disable-gcrypt --enable-nettle
-MAKE_CHECK_ARGS: check
-
crypto-old-gcrypt:
<<: *native_build_job_definition
needs:
diff --git a/configure b/configure
index 54f8475444..53902d9c02 100755
--- a/configure
+++ b/configure
@@ -2860,10 +2860,9 @@ has_libgcrypt() {
if test "$nettle" != "no"; then
pass="no"
-if $pkg_config --exists "nettle >= 2.7.1"; then
+if $pkg_config --exists "nettle >= 3.3"; then
nettle_cflags=$($pkg_config --cflags nettle)
nettle_libs=$($pkg_config --libs nettle)
-nettle_version=$($pkg_config --modversion nettle)
# Link test to make sure the given libraries work (e.g for static).
write_c_skeleton
if compile_prog "" "$nettle_libs" ; then
@@ -5722,7 +5721,6 @@ if test "$gcrypt" = "yes" ; then
fi
if test "$nettle" = "yes" ; then
echo "CONFIG_NETTLE=y" >> $config_host_mak
- echo "CONFIG_NETTLE_VERSION_MAJOR=${nettle_version%%.*}" >> $config_host_mak
echo "NETTLE_CFLAGS=$nettle_cflags" >> $config_host_mak
echo "NETTLE_LIBS=$nettle_libs" >> $config_host_mak
fi
diff --git a/crypto/cipher-nettle.c.inc b/crypto/cipher-nettle.c.inc
index cac771e4ff..490472656c 100644
--- a/crypto/cipher-nettle.c.inc
+++ b/crypto/cipher-nettle.c.inc
@@ -39,41 +39,10 @@ typedef void (*QCryptoCipherNettleFuncWrapper)(const void
*ctx,
uint8_t *dst,
const uint8_t *src);
-#if CONFIG_NETTLE_VERSION_MAJOR < 3
-typedef nettle_crypt_func * QCryptoCipherNettleFuncNative;
-typedef void * cipher_ctx_t;
-typedef unsigned cipher_length_t;
-#define CONST_CTX
-
-#define cast5_set_key cast128_set_key
-
-#define aes128_ctx aes_ctx
-#define aes192_ctx aes_ctx
-#define aes256_ctx aes_ctx
-#define aes128_set_encrypt_key(c, k) \
-aes_set_encrypt_key(c, 16, k)
-#define aes192_set_encrypt_key(c, k) \
-aes_set_encrypt_key(c, 24, k)
-#define aes256_set_encrypt_key(c, k) \
-aes_set_encrypt_key(c, 32, k)
-#define aes128_set_decrypt_key(c, k) \
-aes_set_decrypt_key(c, 16, k)
-#define aes192_set_decrypt_key(c, k) \
-aes_set_decrypt_key(c, 24, k)
-#define aes256_set_decrypt_key(c, k) \
-aes_set_decrypt_key(c, 32, k)
-#define aes128_encrypt aes_encrypt
-#define aes192_encrypt aes_encrypt
-#define aes256_encrypt aes_encrypt
-#define aes128_decrypt aes_decrypt
-#define aes192_decrypt aes_decrypt
-#define aes256_decrypt aes_decrypt
-#else
typedef nettle_cipher_func * QCryptoCipherNettleFuncNative;
typedef const void * cipher_ctx_t;
typedef size_t cipher_length_t;
#define CONST_CTXconst
-#endif
static inline bool qcrypto_length_check(size_t len, size_t blocksize,
Error **errp)
diff --git a/crypto/hash-nettle.c b/crypto/hash-nettle.c
index 2a6ee7c7d5..5c8977fb80 100644
--- a/crypto/hash-nettle.c
+++ b/crypto/hash-nettle.c
@@ -26,11 +26,7 @@
#include
#include
-#if CONFIG_NETTLE_VERSION_MAJOR < 3
-typedef unsigned int hash_length_t;
-#else
typedef size_t hash_length_t;
-#endif
typedef void (*qcrypto_nettle_init)(void *ctx);
typedef void (*qcrypto_nettle_write)(void *ctx,
diff --git a/crypto/hmac-nettle.c b/crypto/hmac-nettle.c
index 1152b741fd..da6b6fa014 100644
--- a/crypto/hmac-nettle.c
+++ b/crypto/hmac-nettle.c
@@ -18,11 +18,7 @@
#include "hmacpriv.h"
#include
-#if CONFIG_NETTLE_VERSION_MAJOR < 3
-typedef unsigned int hmac_length_t;
-#else
typedef size_t hmac_length_t;
-#endif
typedef void