From: Eric Blake
Date: Wed, 6 Jul 2016 08:53:56 -0600
Subject: Re: [Qemu-devel] [PATCH v1 1/2] crypto: use glib as fallback for hash algorithm
To: Alberto Garcia, "Daniel P. Berrange", qemu-devel@nongnu.org
Cc: Kevin Wolf, Fam Zheng, qemu-block@nongnu.org, Max Reitz
Message-ID: <577D1B84.9040203@redhat.com>

On 07/06/2016 05:58 AM, Alberto Garcia wrote:
> On Tue 05 Jul 2016 12:49:59 PM CEST, "Daniel P. Berrange" wrote:
>
>> GLib >= 2.16 provides GChecksum API which is good enough
>> for md5, sha1, sha256 and sha512. Use this as a final
>> fallback if neither nettle or gcrypt are available. This
>> lets us remove the stub hash impl, and so callers can
>> be sure those 4 algs are always available at compile
>> time. They may still be disabled at runtime, so a check
>> for qcrypto_hash_supports() is still best practice to
>> report good error messages.
>
> Sorry if I missed the explanation, but how do you disable them at
> runtime?

FIPS is a common case where portions of a crypto lib are disabled at
runtime based on whether the system is running in FIPS mode or not. I
don't think any of the hashes in the glib fallback are necessarily
covered by FIPS disabling, so much as the qcrypto interface being
interested in generically catering to this behavior across the various
implementations.

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org