From: Eric Blake <eblake@redhat.com>
To: "Daniel P. Berrangé" <berrange@redhat.com>
Cc: Markus Armbruster <armbru@redhat.com>,
qemu-devel@nongnu.org, Gerd Hoffmann <kraxel@redhat.com>
Subject: Re: [PATCH 12/18] crypto: flip priority of backends to prefer gcrypt
Date: Thu, 8 Jul 2021 13:59:33 -0500 [thread overview]
Message-ID: <20210708185933.5kis2vmvi45qsxjh@redhat.com> (raw)
In-Reply-To: <20210706095924.764117-13-berrange@redhat.com>
On Tue, Jul 06, 2021 at 10:59:18AM +0100, Daniel P. Berrangé wrote:
> Originally we preferred to use nettle, over gcrypt because
s/nettle, over gcrypt/nettle over gcrypt,/
> gnutls already links to nettle and thus it minimizes the
> dependencies. In retrospect this was the wrong criteria to
> optimize for.
>
> Currently shipping versions of gcrypt have cipher impls that
> are massively faster than those in nettle and this is way
> more important. The nettle library is also not capable of
> enforcing FIPS compliance, since it considers that out of
> scope. It merely aims to provide general purpose impls of
> algorithms, and usage policy is left upto the layer above,
> such as GNUTTLS.
GNUTLS
>
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
> meson.build | 22 +++++++++++-----------
> 1 file changed, 11 insertions(+), 11 deletions(-)
>
My meson skills are weak, but the change looks reasonable, and the
proof is in building things.
Reviewed-by: Eric Blake <eblake@redhat.com>
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
next prev parent reply other threads:[~2021-07-08 19:04 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-06 9:59 [PATCH 00/18] crypto: misc cleanup and introduce gnutls backend driver Daniel P. Berrangé
2021-07-06 9:59 ` [PATCH 01/18] crypto: remove conditional around 3DES crypto test cases Daniel P. Berrangé
2021-07-08 18:27 ` Eric Blake
2021-07-06 9:59 ` [PATCH 02/18] crypto: remove obsolete crypto test condition Daniel P. Berrangé
2021-07-08 18:28 ` Eric Blake
2021-07-06 9:59 ` [PATCH 03/18] crypto: skip essiv ivgen tests if AES+ECB isn't available Daniel P. Berrangé
2021-07-08 18:29 ` Eric Blake
2021-07-06 9:59 ` [PATCH 04/18] crypto: use &error_fatal in crypto tests Daniel P. Berrangé
2021-07-08 18:33 ` Eric Blake
2021-07-06 9:59 ` [PATCH 05/18] crypto: fix gcrypt min version 1.8 regression Daniel P. Berrangé
2021-07-08 18:34 ` Eric Blake
2021-07-06 9:59 ` [PATCH 06/18] crypto: drop gcrypt thread initialization code Daniel P. Berrangé
2021-07-08 18:36 ` Eric Blake
2021-07-06 9:59 ` [PATCH 07/18] crypto: drop custom XTS support in gcrypt driver Daniel P. Berrangé
2021-07-08 18:40 ` Eric Blake
2021-07-06 9:59 ` [PATCH 08/18] crypto: add crypto tests for single block DES-ECB and DES-CBC Daniel P. Berrangé
2021-07-08 18:50 ` Eric Blake
2021-07-09 13:53 ` Daniel P. Berrangé
2021-07-06 9:59 ` [PATCH 09/18] crypto: delete built-in DES implementation Daniel P. Berrangé
2021-07-08 18:54 ` Eric Blake
2021-07-06 9:59 ` [PATCH 10/18] crypto: delete built-in XTS cipher mode support Daniel P. Berrangé
2021-07-08 18:56 ` Eric Blake
2021-07-06 9:59 ` [PATCH 11/18] crypto: rename des-rfb cipher to just des Daniel P. Berrangé
2021-07-07 12:47 ` Markus Armbruster
2021-07-07 13:48 ` Daniel P. Berrangé
2021-07-08 14:41 ` Markus Armbruster
2021-07-09 13:59 ` Daniel P. Berrangé
2021-07-08 19:50 ` Eric Blake
2021-07-06 9:59 ` [PATCH 12/18] crypto: flip priority of backends to prefer gcrypt Daniel P. Berrangé
2021-07-08 18:59 ` Eric Blake [this message]
2021-07-06 9:59 ` [PATCH 13/18] crypto: introduce build system for gnutls crypto backend Daniel P. Berrangé
2021-07-08 19:03 ` Eric Blake
2021-07-06 9:59 ` [PATCH 14/18] crypto: add gnutls cipher provider Daniel P. Berrangé
2021-07-08 19:13 ` Eric Blake
2021-07-06 9:59 ` [PATCH 15/18] crypto: add gnutls hash provider Daniel P. Berrangé
2021-07-08 19:29 ` Eric Blake
2021-07-06 9:59 ` [PATCH 16/18] crypto: add gnutls hmac provider Daniel P. Berrangé
2021-07-08 19:35 ` Eric Blake
2021-07-09 14:03 ` Daniel P. Berrangé
2021-07-06 9:59 ` [PATCH 17/18] crypto: add gnutls pbkdf provider Daniel P. Berrangé
2021-07-08 19:43 ` Eric Blake
2021-07-06 9:59 ` [PATCH 18/18] crypto: prefer gnutls as the crypto backend if new enough Daniel P. Berrangé
2021-07-08 19:52 ` Eric Blake
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210708185933.5kis2vmvi45qsxjh@redhat.com \
--to=eblake@redhat.com \
--cc=armbru@redhat.com \
--cc=berrange@redhat.com \
--cc=kraxel@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.