crypto: prefer gnutls as the crypto backend if new enough

If we have gnutls >= 3.6.13, then it has enough functionality and performance that we can use it as the preferred crypto backend. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2024-07-22 02:44:53 +00:00 · 2021-07-02 17:38:33 +01:00 · 2021-07-02 17:38:33 +01:00 · 8bd0931f63
parent 8c1d3dc772
commit 8bd0931f63
1 changed files with 35 additions and 24 deletions
--- a/meson.build
+++ b/meson.build
@ -846,13 +846,26 @@ if not get_option('gnutls').auto() or have_system
  endif
 endif

-# Gcrypt has priority over nettle
+# We prefer use of gnutls for crypto, unless the options
+# explicitly asked for nettle or gcrypt.
+#
+# If gnutls isn't available for crypto, then we'll prefer
+# gcrypt over nettle for performance reasons.
 gcrypt = not_found
 nettle = not_found
 xts = 'none'
+
 if get_option('nettle').enabled() and get_option('gcrypt').enabled()
  error('Only one of gcrypt & nettle can be enabled')
-elif (not get_option('gcrypt').auto() or have_system) and not get_option('nettle').enabled()
+endif
+
+# Explicit nettle/gcrypt request, so ignore gnutls for crypto
+if get_option('nettle').enabled() or get_option('gcrypt').enabled()
+  gnutls_crypto = not_found
+endif
+
+if not gnutls_crypto.found()
+  if (not get_option('gcrypt').auto() or have_system) and not get_option('nettle').enabled()
    gcrypt = dependency('libgcrypt', version: '>=1.8',
                        method: 'config-tool',
                        required: get_option('gcrypt'),
@ -875,8 +888,6 @@ if (not get_option('nettle').auto() or have_system) and not gcrypt.found()
      xts = 'private'
    endif
  endif
-if gcrypt.found() or nettle.found()
-  gnutls_crypto = not_found
 endif

 gtk = not_found