diff options
| author | Daniel P. Berrangé <berrange@redhat.com> | 2021-06-30 17:20:02 +0100 |
|---|---|---|
| committer | Daniel P. Berrangé <berrange@redhat.com> | 2021-07-14 14:15:52 +0100 |
| commit | cc4c7c738297958b3d1d16269f57d71d22f5a9ff (patch) | |
| tree | 745293c10a7fc32bb58355494b38f92357230511 /meson.build | |
| parent | 260a13d4726ce62bdc0ed3a7a13c34de3367f5e2 (diff) | |
| download | qemu-cc4c7c738297958b3d1d16269f57d71d22f5a9ff.zip qemu-cc4c7c738297958b3d1d16269f57d71d22f5a9ff.tar.gz qemu-cc4c7c738297958b3d1d16269f57d71d22f5a9ff.tar.bz2 | |
crypto: introduce build system for gnutls crypto backend
This introduces the build logic needed to decide whether we can
use gnutls as a crypto driver backend. The actual implementations
will be introduced in following patches. We only wish to use
gnutls if it has version 3.6.14 or newer, because that is what
finally brings HW accelerated AES-XTS mode for x86_64.
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Diffstat (limited to 'meson.build')
| -rw-r--r-- | meson.build | 36 |
1 files changed, 32 insertions, 4 deletions
diff --git a/meson.build b/meson.build index c3a6096..38b89d4 100644 --- a/meson.build +++ b/meson.build @@ -816,11 +816,34 @@ if 'CONFIG_OPENGL' in config_host endif gnutls = not_found +gnutls_crypto = not_found if not get_option('gnutls').auto() or have_system - gnutls = dependency('gnutls', version: '>=3.5.18', - method: 'pkg-config', - required: get_option('gnutls'), - kwargs: static_kwargs) + # For general TLS support our min gnutls matches + # that implied by our platform support matrix + # + # For the crypto backends, we look for a newer + # gnutls: + # + # Version 3.6.8 is needed to get XTS + # Version 3.6.13 is needed to get PBKDF + # Version 3.6.14 is needed to get HW accelerated XTS + # + # If newer enough gnutls isn't available, we can + # still use a different crypto backend to satisfy + # the platform support requirements + gnutls_crypto = dependency('gnutls', version: '>=3.6.14', + method: 'pkg-config', + required: false, + kwargs: static_kwargs) + if gnutls_crypto.found() + gnutls = gnutls_crypto + else + # Our min version if all we need is TLS + gnutls = dependency('gnutls', version: '>=3.5.18', + method: 'pkg-config', + required: get_option('gnutls'), + kwargs: static_kwargs) + endif endif # Gcrypt has priority over nettle @@ -852,6 +875,9 @@ if (not get_option('nettle').auto() or have_system) and not gcrypt.found() xts = 'private' endif endif +if gcrypt.found() or nettle.found() + gnutls_crypto = not_found +endif gtk = not_found gtkx11 = not_found @@ -1236,6 +1262,7 @@ config_host_data.set('CONFIG_XKBCOMMON', xkbcommon.found()) config_host_data.set('CONFIG_KEYUTILS', keyutils.found()) config_host_data.set('CONFIG_GETTID', has_gettid) config_host_data.set('CONFIG_GNUTLS', gnutls.found()) +config_host_data.set('CONFIG_GNUTLS_CRYPTO', gnutls_crypto.found()) config_host_data.set('CONFIG_GCRYPT', gcrypt.found()) config_host_data.set('CONFIG_NETTLE', nettle.found()) config_host_data.set('CONFIG_QEMU_PRIVATE_XTS', xts == 'private') @@ -2958,6 +2985,7 @@ summary(summary_info, bool_yn: true, section: 'Block layer support') summary_info = {} summary_info += {'TLS priority': config_host['CONFIG_TLS_PRIORITY']} summary_info += {'GNUTLS support': gnutls.found()} +summary_info += {'GNUTLS crypto': gnutls_crypto.found()} # TODO: add back version summary_info += {'libgcrypt': gcrypt.found()} # TODO: add back version |